Description

CORS OriginHeaderScrutiny by OWASP

Cross-origin resource sharing by Wikipedia

Cross-origin resource sharing by PortSwigger
Cross-origin resource sharing: arbitrary origin trusted by PortSwigger
Cross-origin resource sharing: unencrypted origin trusted by PortSwigger
Cross-origin resource sharing: all subdomains trusted by PortSwigger

Articles

Exploiting CORS Misconfigurations for Bitcoins and Bounties by PortSwigger
Exploiting Misconfigured CORS by Geekboy
Critical Issue Opened Private Chats of Facebook Messenger Users by Cynet

Tools

testcors by me

...

Description

Clickjacking by Wikipedia

Frameable response (potential Clickjacking) by PortSwigger

...

Description

SQL Injection overview by OWASP

SQL injection by Wikipedia

SQL statement in request parameter by PortSwigger
SQL injection (basic) by PortSwigger
SQL injection (second order) by PortSwigger
Client-side SQL injection (DOM-based) by PortSwigger
Client-side SQL injection (reflected DOM-based) by PortSwigger
Client-side SQL injection (stored DOM-based) by PortSwigger

Articles

The Ultimate SQL Injection Payload by Detectify

Videos

DEFCON 17: Advanced SQL Injection
Hacktivity 2012 - Joe McCray - Big Bang Theory - Pentesting high security environments

Tools

Sqlmap by Miroslav Stampar

...

Description

Cross-site Scripting (XSS) by OWASP

Cross-site scripting by Wikipedia

Cross-site scripting (DOM-based) by PortSwigger
Cross-site scripting (reflected) by PortSwigger
Cross-site scripting (reflected DOM-based) by PortSwigger
Cross-site scripting (stored) by PortSwigger
Cross-site scripting (stored DOM-based) by PortSwigger
Browser cross-site scripting filter disabled by PortSwigger

Tools

KNOXSS by Brute Logic
XSS Hunter by Mandatory

...

Description

Cross-Site Request Forgery (CSRF) by OWASP

Cross-site request forgery by Wikipedia

Cross-site request forgery by PortSwigger

...