# WEB SECURITY

- [Path Traversal](https://beafn28.gitbook.io/beafn28/web-security/path-traversal.md)
- [SQL Injection](https://beafn28.gitbook.io/beafn28/web-security/sql-injection.md)
- [Control de Acceso](https://beafn28.gitbook.io/beafn28/web-security/control-de-acceso.md)
- [Laboratorios PortSwigger](https://beafn28.gitbook.io/beafn28/web-security/laboratorios-portswigger.md)
- [SQL Injection](https://beafn28.gitbook.io/beafn28/web-security/laboratorios-portswigger/sql-injection.md)
- [Authentication](https://beafn28.gitbook.io/beafn28/web-security/laboratorios-portswigger/authentication.md)
- [Path Traversal](https://beafn28.gitbook.io/beafn28/web-security/laboratorios-portswigger/path-traversal.md)
- [OS command injection](https://beafn28.gitbook.io/beafn28/web-security/laboratorios-portswigger/os-command-injection.md)
- [Business logic vulnerabilities](https://beafn28.gitbook.io/beafn28/web-security/laboratorios-portswigger/business-logic-vulnerabilities.md)
- [Information disclosure](https://beafn28.gitbook.io/beafn28/web-security/laboratorios-portswigger/information-disclosure.md)
- [Access control](https://beafn28.gitbook.io/beafn28/web-security/laboratorios-portswigger/access-control.md)
- [File upload vulnerabilities](https://beafn28.gitbook.io/beafn28/web-security/laboratorios-portswigger/file-upload-vulnerabilities.md)
- [Race conditions](https://beafn28.gitbook.io/beafn28/web-security/laboratorios-portswigger/race-conditions.md)
- [Server-side request forgery (SSRF)](https://beafn28.gitbook.io/beafn28/web-security/laboratorios-portswigger/server-side-request-forgery-ssrf.md)
- [XML external entity (XXE) injection](https://beafn28.gitbook.io/beafn28/web-security/laboratorios-portswigger/xml-external-entity-xxe-injection.md)
- [Cross-site scripting](https://beafn28.gitbook.io/beafn28/web-security/laboratorios-portswigger/cross-site-scripting.md)
- [Cross-site request forgery (CSRF)](https://beafn28.gitbook.io/beafn28/web-security/laboratorios-portswigger/cross-site-request-forgery-csrf.md)
- [Clickjacking](https://beafn28.gitbook.io/beafn28/web-security/laboratorios-portswigger/clickjacking.md)
- [DOM-based vulnerabilities](https://beafn28.gitbook.io/beafn28/web-security/laboratorios-portswigger/dom-based-vulnerabilities.md)
- [API testing](https://beafn28.gitbook.io/beafn28/web-security/laboratorios-portswigger/api-testing.md)
- [HTTP request smuggling](https://beafn28.gitbook.io/beafn28/web-security/laboratorios-portswigger/http-request-smuggling.md)
- [WebSockets](https://beafn28.gitbook.io/beafn28/web-security/laboratorios-portswigger/websockets.md)
- [Web cache poisoning](https://beafn28.gitbook.io/beafn28/web-security/laboratorios-portswigger/web-cache-poisoning.md)
- [Insecure deserialization](https://beafn28.gitbook.io/beafn28/web-security/laboratorios-portswigger/insecure-deserialization.md)
- [HTTP Host header attacks](https://beafn28.gitbook.io/beafn28/web-security/laboratorios-portswigger/http-host-header-attacks.md)
- [OAuth authentication](https://beafn28.gitbook.io/beafn28/web-security/laboratorios-portswigger/oauth-authentication.md)
- [JWT](https://beafn28.gitbook.io/beafn28/web-security/laboratorios-portswigger/jwt.md)
- [Essential Skills](https://beafn28.gitbook.io/beafn28/web-security/laboratorios-portswigger/essential-skills.md)
- [Prototype pollution](https://beafn28.gitbook.io/beafn28/web-security/laboratorios-portswigger/prototype-pollution.md)
- [GraphQL API vulnerabilities](https://beafn28.gitbook.io/beafn28/web-security/laboratorios-portswigger/graphql-api-vulnerabilities.md)
- [NoSQL injection](https://beafn28.gitbook.io/beafn28/web-security/laboratorios-portswigger/nosql-injection.md)
- [Web LLM attacks](https://beafn28.gitbook.io/beafn28/web-security/laboratorios-portswigger/web-llm-attacks.md)
- [Web cache deception](https://beafn28.gitbook.io/beafn28/web-security/laboratorios-portswigger/web-cache-deception.md)
- [Cross-origin resource sharing (CORS)](https://beafn28.gitbook.io/beafn28/web-security/laboratorios-portswigger/cross-origin-resource-sharing-cors.md)
- [Server-side template injection](https://beafn28.gitbook.io/beafn28/web-security/laboratorios-portswigger/server-side-template-injection.md)
- [Curso web s4vitar](https://beafn28.gitbook.io/beafn28/web-security/curso-web-s4vitar.md)
- [BSCP (Cheat Sheet)](https://beafn28.gitbook.io/beafn28/web-security/bscp-cheat-sheet.md)
- [JWT](https://beafn28.gitbook.io/beafn28/web-security/bscp-cheat-sheet/jwt.md)
- [Authentication](https://beafn28.gitbook.io/beafn28/web-security/bscp-cheat-sheet/authentication.md)
- [Web Sockets](https://beafn28.gitbook.io/beafn28/web-security/bscp-cheat-sheet/web-sockets.md)
- [Web Cache Poisoning](https://beafn28.gitbook.io/beafn28/web-security/bscp-cheat-sheet/web-cache-poisoning.md)
- [Insecure deserialization](https://beafn28.gitbook.io/beafn28/web-security/bscp-cheat-sheet/insecure-deserialization.md)


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://beafn28.gitbook.io/beafn28/web-security.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.