Wiki
Web Application Attacks

SQL Injections (SQLi), Cross-Site Scripting (XSS) & Co

The binsec Wiki's "Hacking III: Web Application Attacks" highlights that web applications often manage access through password-based authentication and role-specific permissions, making their attack surface broad and attractive. Inputs from forms, headers, cookies, and APIs all represent potential entry points, while client-side checks like JavaScript validation offer little real protection since they can be bypassed with interception tools such as Burp Suite. Even if only error pages appear, hidden directories may still reveal the actual application, requiring careful discovery. Once access is gained, security testing concentrates on well-known but critical flaws, SQL Injection (SQLi) and Cross-Site Scripting (XSS), which remain widespread threats as identified by OWASP and are examined in detail in separate sections of the guide.

Hacking III: Web Application Attacks

Provide knowledge
Our Wiki

This is our binsec wiki page.

binsec.wiki logo

How to scan networks

The "Hacking I: Scanning Networks" chapter of binsec.wiki's Pentest Training covers the critical first step in penetration testing: network reconnaissance. This phase involves mapping the attack surface by identifying active hosts, open ports, and the services running on those ports within a target network. Read more.

Online and Offline Password Attacks

The "Hacking II: Password Attacks" chapter of binsec.wiki's Pentest Training delves into a critical aspect of penetration testing: exploiting weak or compromised passwords to gain unauthorized access. The chapter distinguishes between online and offline password attacks. Read more.

Web Application Attacks

The Binsec Wiki’s "Hacking III: Web Application Attacks" explains that web apps with password-based roles expose a wide attack surface via forms, headers, and cookies. Client-side checks can be bypassed with tools like Burp Suite. Testing then focuses on common but critical flaws: SQL Injection (SQLi) and Cross-Site Scripting (XSS) - still among the most prevalent threats per OWASP. Read more.

Penetration Testing

Since 2013 we conduct professional penetration test, based on international industry standards and years of experience in penetration testing, red teaming and hacking.

As a company for professional penetration testing, we do some things differently than other pentest provider: As a penetration test firm, we do not sell vulnerability scans as pentest. We do also focus on business security risks. You are looking for a professionally conducted penetration tests? Get the binsec team for your Pentest. Read more about our pentest service.

Contact us

Pentest Knowledge and Tools

binsec.tools logo

Free pentest tools for your security analysis.

Pentest Tools
binsec.wiki logo

Take a look at our wiki page about pentesting.

Pentest WIKI
binsec FAQ logo

Straight answers to common pentesting questions.

Pentest FAQ
binsec news logo

News about pentesting and the binsec universe.

Pentest News

Company

binsec GmbH
Solmsstraße 41
60486 Frankfurt am Main
Germany

Contact

info@binsec.com

+49 692475607-0

Legal notice

Director: Patrick Sauer
Authorised Officer: Florian Zavatzki, Dominik Sauer
Registration: Frankfurt am Main, HRB97277
Turnover Tax Identification No.: DE290966808

© 2025 All rights reserved by binsec GmbH.

Privacy Notice

© 2025 All rights reserved by binsec GmbH.

Privacy Notice