Category
Practical Web-App Hacking Techniques (deep dives into attack techniques: SQLi/XSS/SSRF/JWT/authentication/SSTI): a vulnerability-assessment guide faithful to the official docs
Web-app assessment is not a matter of talent but of a 'reproducible methodology.' This cluster takes as its pillars a map of attack classes (server-side → client-side → advanced) and the pattern recon → mapping → testing → exploitation → reporting, and digs into the major attack techniques (SQLi, XSS, SSRF, JWT, authentication, SSTI) faithfully to primary sources (PortSwigger Web Security Academy and OWASP). Every procedure stays within three safe zones (your own assets / CTFs / a scope authorized in writing), and each attack is always shown as a pair: 'how it lands' and 'how to kill it by design (parameterization, output encoding, allowlists, signature verification, server-enforced authorization).' Only those who understand the attack can preemptively close off 'where it breaks' at the design stage. From the standpoint that 'the ability to build fast and the ability to build safely are two sides of the same coin,' earned by building, alone with generative AI, a B2B SaaS that won the Minister of Economy, Trade and Industry Award and a payment platform with zero production double-charges, it offers decision material useful both to individuals who want to learn and to companies deciding whether to commission an assessment. For how to use attack tools (Burp Suite), careers, and the law, see the 'Introduction to White-Hat Hacking' cluster; for automated detection of defenses specialized for Next.js × Supabase, see the 'Application-Layer Security' cluster.
7 articles in total
Foundational guide (start here)
The big picture of practical web-app hacking techniques [2026]: a map of attack classes and an assessment methodology — a version faithful to the official docs
A complete guide to systematically learning web-app attack techniques. It maps the major attack classes — SQLi, XSS, SSRF, JWT, authentication, SSTI — faithfully to the PortSwigger Web Security Academy and OWASP, and organizes them as an assessment methodology of recon → mapping → testing → exploitation → reporting. With legal procedures that complete entirely within your own assets / authorized scope, it explains each attack's 'why it lands' paired with 'how to prevent it by design.'
Related practical articles
Tags: Security, White-Hat Hacker, Authentication, Vulnerability Assessment, Web Security
A complete conquest of authentication vulnerabilities [2026]: username enumeration, brute force, 2FA bypass, password reset — a version faithful to the official docs
An in-depth look at vulnerabilities and attack techniques in authentication (login) mechanisms, faithful to the PortSwigger Web Security Academy. Username enumeration (message differences, response-time differences), brute force and bypassing rate limits, account-lockout loopholes, multi-factor authentication (2FA/MFA) bypass, password-reset poisoning, Remember Me / password-change flaws, and root-cause defenses via rate limiting, constant responses, MFA, and safe reset design — explained strictly within your own lab.
6 min read
Tags: Security, White-Hat Hacker, JWT, Vulnerability Assessment, Web Security
A complete conquest of JWT attacks [2026]: alg:none, key brute force, algorithm confusion, jwk/jku/kid injection — a version faithful to the official docs
An in-depth look at JWT (JSON Web Token) attack techniques, faithful to the PortSwigger Web Security Academy. The mechanisms of signature-verification flaws (accepting arbitrary signatures, alg:none), hashcat brute force of weak HS256 secrets, jwk/jku/kid header injection, and RS256→HS256 algorithm confusion (key confusion), plus root-cause defenses via algorithm pinning, strict signature verification, and a jku host allowlist — explained with examples limited to your own lab.
6 min read
Tags: Security, White-Hat Hacker, SSTI, Vulnerability Assessment, Web Security
A complete conquest of SSTI (server-side template injection) [2026]: detection, engine identification, RCE — a version faithful to the official docs
An in-depth look at server-side template injection (SSTI) attack techniques, faithful to the PortSwigger Web Security Academy. From the cause of the vulnerability, through detection (the polyglot ${{<%[%'"}}%\ and arithmetic evaluation), template-engine identification (Jinja2/Twig/Freemarker/ERB), and exploitation ranging from information disclosure to file reading and remote code execution (RCE), to root-cause defenses via 'don't make user input a template' and 'logic-less engines / sandboxes' — explained with examples limited to your own lab.
5 min read
Tags: Security, White-Hat Hacker, SQL Injection, Vulnerability Assessment, Web Security
A complete conquest of SQL injection attacks [2026]: UNION, blind, time-based, sqlmap, WAF bypass — a version faithful to the official docs
An in-depth look at SQL injection (SQLi) attack techniques, faithful to the PortSwigger Web Security Academy. Retrieving hidden data, subverting authentication logic, retrieving data from other tables via UNION, identifying the column count and data types, blind SQLi (boolean conditions, time-based, OAST), hands-on sqlmap, the basics of WAF bypass, and the root-cause defense via parameterized queries — explained with real payloads limited to your own lab.
8 min read
Tags: Security, White-Hat Hacker, SSRF, Vulnerability Assessment, AWS
A complete conquest of SSRF attacks [2026]: cloud-metadata theft, blind SSRF, filter bypass — a version faithful to the official docs
An in-depth look at server-side request forgery (SSRF) attack techniques, faithful to the PortSwigger Web Security Academy. Reaching the server itself (localhost) and internal systems, stealing credentials from the cloud-metadata endpoint (169.254.169.254), bypassing blacklist/whitelist filters, bypass via an open redirect, OAST detection of blind SSRF where no response returns, and root-cause defense via an allowlist + IMDSv2 — explained limited to your own lab.
6 min read
Tags: Security, White-Hat Hacker, XSS, Vulnerability Assessment, Web Security
A complete conquest of XSS attacks [2026]: reflected, stored, DOM-based / context-specific payloads / CSP bypass — a version faithful to the official docs
An in-depth look at cross-site scripting (XSS) attack techniques, faithful to the PortSwigger Web Security Academy. The differences and detection of reflected, stored, and DOM-based; crafting payloads for the HTML/attribute/JavaScript/URL contexts; DOM-based XSS traced source→sink; the role of CSP (Content Security Policy) and the thinking behind bypassing it; and root-cause defenses via context-specific output encoding and Trusted Types — explained with examples limited to your own lab.
6 min read