# Web

- [401/403 Bypass](/hacktrain/pt/web/401_403_bypass.md)
- [API](/hacktrain/pt/web/api.md)
- [Google API keys](/hacktrain/pt/web/api/google-api-keys.md)
- [Swagger UI](/hacktrain/pt/web/api/swagger-ui.md)
- [Authentication-authorization](/hacktrain/pt/web/authentication-authorization.md)
- [MFA Bypass](/hacktrain/pt/web/authentication-authorization/mfa-bypass.md)
- [OAuth & OIDC](/hacktrain/pt/web/authentication-authorization/oauth-oidc.md)
- [Password-based login](/hacktrain/pt/web/authentication-authorization/password-based-login.md)
- [SAML](/hacktrain/pt/web/authentication-authorization/saml.md)
- [Session Management](/hacktrain/pt/web/authentication-authorization/session-management.md)
- [Broken Access Control](/hacktrain/pt/web/bac.md)
- [CMS](/hacktrain/pt/web/cms.md)
- [Command Injection](/hacktrain/pt/web/command-injection.md)
- [Common Frameworks and libraries](/hacktrain/pt/web/frameworks_libraries.md)
- [Cross-site Request Forgery](/hacktrain/pt/web/csrf.md)
- [CSV/XLSX/Doc/Latex formula injection](/hacktrain/pt/web/xlsx_formula_injection.md)
- [Dangling Markup](/hacktrain/pt/web/dangling-markup.md)
- [Deserialization](/hacktrain/pt/web/deserialization-attacks.md)
- [E-mail injection](/hacktrain/pt/web/email-injection.md)
- [F5 BIG-IP load balancer persistence cookies](/hacktrain/pt/web/bigip-cookie.md)
- [File Upload](/hacktrain/pt/web/file-upload.md)
- [HTTP header injection](/hacktrain/pt/web/header-injection.md)
- [HTTPS cachable responses](/hacktrain/pt/web/https_cacheable_responses.md)
- [JWE](/hacktrain/pt/web/jwe.md)
- [JWT](/hacktrain/pt/web/jwt.md)
- [Platforms](/hacktrain/pt/web/platforms.md)
- [ServiceNow](/hacktrain/pt/web/platforms/servicenow.md)
- [SAP](/hacktrain/pt/web/platforms/sap.md)
- [Web Cache Poisoning](/hacktrain/pt/web/web_cache_poisoning.md)
- [XSS](/hacktrain/pt/web/xss.md)
- [Basics](/hacktrain/pt/web/xss/xss.md)
- [DOM-XSS via postMessage API](/hacktrain/pt/web/xss/dom-xss-via-postmessage.md)
- [Mutation XSS](/hacktrain/pt/web/xss/mutation-xss.md)
- [XSS via JSONP](/hacktrain/pt/web/xss/xss-via-jsonp.md)
- [XSS via SVG](/hacktrain/pt/web/xss/xss-via-svg.md)