https://chs.us/en-uscarl.sampson@gmail.com (Carl Sampson)carl.sampson@gmail.com (Carl Sampson)Fri, 10 Apr 2026 17:05:31 -0400https://chs.us/guides/xss/Fri, 10 Apr 2026 00:00:00 +0000carl.sampson@gmail.com (Carl Sampson)https://chs.us/guides/xss/A practitioner's reference for Cross-Site Scripting — attack surface, context-aware payloads, filter/WAF/CSP bypass techniques, framework-specific vulnerabilities, real-world chains, and detection/prevention. Compiled from 293 research sources.Security-GuidesXssWeb-SecurityJavascriptPenetration-Testinghttps://chs.us/guides/ssrf/Fri, 10 Apr 2026 00:00:00 +0000carl.sampson@gmail.com (Carl Sampson)https://chs.us/guides/ssrf/A practitioner's reference for Server-Side Request Forgery — attack surface, exploitation techniques, bypass methods, real-world chains, and detection/prevention. Compiled from 299 research sources.Security-GuidesSsrfWeb-SecurityCloud-SecurityPenetration-Testinghttps://chs.us/guides/sqli/Fri, 10 Apr 2026 00:00:00 +0000carl.sampson@gmail.com (Carl Sampson)https://chs.us/guides/sqli/A practitioner's reference for SQL Injection — attack classes, exploitation techniques, database-specific payloads, WAF bypass methods, ORM/NoSQL variants, real-world CVEs, and detection/prevention. Compiled from 33 research sources.Security-GuidesSqliDatabase-SecurityWeb-SecurityPenetration-Testinghttps://chs.us/guides/csrf/Fri, 10 Apr 2026 00:00:00 +0000carl.sampson@gmail.com (Carl Sampson)https://chs.us/guides/csrf/A practitioner's reference for Cross-Site Request Forgery — attack surface, exploitation techniques, SameSite and token bypasses, real-world chains, and detection/prevention. Compiled from 37 research sources.Security-GuidesCsrfWeb-SecuritySession-ManagementPenetration-Testinghttps://chs.us/guides/idor/Fri, 10 Apr 2026 00:00:00 +0000carl.sampson@gmail.com (Carl Sampson)https://chs.us/guides/idor/A practitioner's reference for Insecure Direct Object Reference (IDOR) and Broken Object Level Authorization (BOLA) — attack surface, enumeration patterns, bypass techniques, real-world writeups, detection workflow, and prevention. Compiled from 21 research sources.Security-GuidesIdorAuthorizationWeb-SecurityPenetration-Testinghttps://chs.us/guides/rce/Fri, 10 Apr 2026 00:00:00 +0000carl.sampson@gmail.com (Carl Sampson)https://chs.us/guides/rce/A practitioner's reference for Remote Code Execution — vulnerability classes, exploitation primitives, language-specific chains, real-world CVEs, and detection/prevention. Compiled from 63 research sources.Security-GuidesRceCode-InjectionWeb-SecurityPenetration-Testinghttps://chs.us/guides/xxe/Fri, 10 Apr 2026 00:00:00 +0000carl.sampson@gmail.com (Carl Sampson)https://chs.us/guides/xxe/A practitioner's reference for XML External Entity injection — fundamentals, parser quirks, in-band and out-of-band exfiltration, parameter entity chains, file-format vectors, real-world CVEs, tooling, and hardening. Compiled from 40 research sources.Security-GuidesXxeXml-SecurityWeb-SecurityPenetration-Testinghttps://chs.us/guides/deserialization/Fri, 10 Apr 2026 00:00:00 +0000carl.sampson@gmail.com (Carl Sampson)https://chs.us/guides/deserialization/A practitioner's reference for insecure deserialization — language-specific attack surface, gadget chain mechanics, real-world CVE chains, tools, and detection/prevention. Compiled from 47 research sources.Security-GuidesDeserializationObject-InjectionWeb-SecurityPenetration-Testinghttps://chs.us/guides/graphql/Fri, 10 Apr 2026 00:00:00 +0000carl.sampson@gmail.com (Carl Sampson)https://chs.us/guides/graphql/A practitioner's reference for attacking and defending GraphQL APIs — discovery, introspection, schema recovery, injection, authorization flaws, batching, DoS, subscriptions, CSRF/CSWSH, engine-specific quirks, and detection/prevention. Compiled from 31 research sources.Security-GuidesGraphqlApi-SecurityWeb-SecurityPenetration-Testinghttps://chs.us/guides/api-security/Fri, 10 Apr 2026 00:00:00 +0000carl.sampson@gmail.com (Carl Sampson)https://chs.us/guides/api-security/A practitioner's reference for API security — attack surface, OWASP API Top 10 exploitation, authentication and authorization bypasses, GraphQL-specific attacks, rate limit evasion, real-world chains, and detection/prevention. Compiled from 30 research sources.Security-GuidesApi-SecurityWeb-SecurityAuthenticationPenetration-Testinghttps://chs.us/guides/authz/Fri, 10 Apr 2026 00:00:00 +0000carl.sampson@gmail.com (Carl Sampson)https://chs.us/guides/authz/A practitioner's reference for Broken Access Control (OWASP A01) — the models, bug classes, bypass techniques, real-world chains, and detection/prevention patterns that matter in modern web and API testing. Compiled from 33 research sources.Security-GuidesAuthorizationAccess-ControlWeb-SecurityPenetration-Testinghttps://chs.us/guides/mobile/Fri, 10 Apr 2026 00:00:00 +0000carl.sampson@gmail.com (Carl Sampson)https://chs.us/guides/mobile/A practitioner's reference for iOS and Android application security — threat models, platform attack surface, reverse engineering, runtime instrumentation, bypass techniques, testing methodology, and defensive controls. Compiled from 16 research sources.Security-GuidesMobile-SecurityIos-SecurityAndroid-SecurityPenetration-Testinghttps://chs.us/guides/recon/Fri, 10 Apr 2026 00:00:00 +0000carl.sampson@gmail.com (Carl Sampson)https://chs.us/guides/recon/A practitioner's reference for web reconnaissance — attack surface discovery, subdomain enumeration, live host probing, content discovery, JS mining, cloud asset hunting, automation, and continuous monitoring. Compiled from 23 research sources.Security-GuidesReconnaissanceAttack-SurfaceEnumerationPenetration-Testinghttps://chs.us/guides/bug-bounty/Fri, 10 Apr 2026 00:00:00 +0000carl.sampson@gmail.com (Carl Sampson)https://chs.us/guides/bug-bounty/A practitioner's reference for modern bug bounty hunting — methodology, platforms, reconnaissance pipelines, vulnerability hunting, exploit chaining, report writing, and career strategy. Compiled from 97 research sources (the largest collection in the research library).Security-GuidesBug-BountyVulnerability-ResearchEthical-HackingPenetration-Testinghttps://chs.us/guides/burp-suite/Fri, 10 Apr 2026 00:00:00 +0000carl.sampson@gmail.com (Carl Sampson)https://chs.us/guides/burp-suite/A practitioner's reference for Burp Suite — core tools, essential extensions, Bambdas and BChecks, Collaborator, macros and session handling, custom extension development, Burp AI, and real-world testing workflows. Compiled from 69 research sources.Security-GuidesBurp-SuiteWeb-TestingSecurity-ToolsPenetration-Testing