Description

Clickjacking by Wikipedia

Frameable response (potential Clickjacking) by PortSwigger

...

Description

SQL Injection overview by OWASP

SQL injection by Wikipedia

SQL statement in request parameter by PortSwigger
SQL injection (basic) by PortSwigger
SQL injection (second order) by PortSwigger
Client-side SQL injection (DOM-based) by PortSwigger
Client-side SQL injection (reflected DOM-based) by PortSwigger
Client-side SQL injection (stored DOM-based) by PortSwigger

Articles

The Ultimate SQL Injection Payload by Detectify

Videos

DEFCON 17: Advanced SQL Injection
Hacktivity 2012 - Joe McCray - Big Bang Theory - Pentesting high security environments

Tools

Sqlmap by Miroslav Stampar

...

Description

Cross-site Scripting (XSS) by OWASP

Cross-site scripting by Wikipedia

Cross-site scripting (DOM-based) by PortSwigger
Cross-site scripting (reflected) by PortSwigger
Cross-site scripting (reflected DOM-based) by PortSwigger
Cross-site scripting (stored) by PortSwigger
Cross-site scripting (stored DOM-based) by PortSwigger
Browser cross-site scripting filter disabled by PortSwigger

Tools

KNOXSS by Brute Logic
XSS Hunter by Mandatory

...

Description

Cross-Site Request Forgery (CSRF) by OWASP

Cross-site request forgery by Wikipedia

Cross-site request forgery by PortSwigger

...