# 进阶主题

- [不安全的反序列化](/wsa/advanced/deserialization.md)
- [不安全的反序列化](/wsa/advanced/deserialization/index.md)
- [利用不安全的反序列化漏洞](/wsa/advanced/deserialization/exploiting.md)
- [测试GraphQL API](/wsa/advanced/ce-shi-graphql-api.md)
- [测试GraphQL API](/wsa/advanced/ce-shi-graphql-api/ce-shi-graphql-api.md)
- [什么是GraphQL？](/wsa/advanced/ce-shi-graphql-api/shen-me-shi-graphql.md)
- [服务器端模板注入](/wsa/advanced/server-side-template-injection.md)
- [服务器端模板注入](/wsa/advanced/server-side-template-injection/index.md)
- [利用服务器端模板注入漏洞](/wsa/advanced/server-side-template-injection/exploiting.md)
- [Web缓存投毒](/wsa/advanced/web-cache-poisoning.md)
- [Web缓存投毒](/wsa/advanced/web-cache-poisoning/index.md)
- [缓存设计缺陷的利用](/wsa/advanced/web-cache-poisoning/exploiting-design-flaws.md)
- [缓存实现缺陷的利用](/wsa/advanced/web-cache-poisoning/exploiting-implementation-flaws.md)
- [HTTP Host标头攻击](/wsa/advanced/host-header.md)
- [HTTP Host标头攻击](/wsa/advanced/host-header/index.md)
- [如何识别和利用HTTP Host头的漏洞](/wsa/advanced/host-header/exploiting.md)
- [密码重置投毒](/wsa/advanced/host-header/password-reset-poisoning.md)
- [HTTP请求走私](/wsa/advanced/request-smuggling.md)
- [HTTP请求走私](/wsa/advanced/request-smuggling/index.md)
- [查找HTTP请求走私漏洞](/wsa/advanced/request-smuggling/finding.md)
- [利用HTTP请求走私漏洞](/wsa/advanced/request-smuggling/exploiting.md)
- [高级请求走私](/wsa/advanced/request-smuggling/advanced.md)
- [高级请求走私](/wsa/advanced/request-smuggling/advanced/index.md)
- [HTTP/2降级](/wsa/advanced/request-smuggling/advanced/http2-downgrading.md)
- [响应队列投毒](/wsa/advanced/request-smuggling/advanced/response-queue-poisoning.md)
- [HTTP/2专属载体](/wsa/advanced/request-smuggling/advanced/http2-exclusive-vectors.md)
- [HTTP请求隧道](/wsa/advanced/request-smuggling/advanced/request-tunnelling.md)
- [浏览器驱动的请求伪造](/wsa/advanced/request-smuggling/browser.md)
- [浏览器驱动的请求伪造](/wsa/advanced/request-smuggling/browser/index.md)
- [CL.0请求走私](/wsa/advanced/request-smuggling/browser/cl-0.md)
- [客户端异步攻击](/wsa/advanced/request-smuggling/browser/client-side-desync.md)
- [基于暂停的异步攻击](/wsa/advanced/request-smuggling/browser/pause-based-desync.md)
- [OAuth认证](/wsa/advanced/oauth.md)
- [OAuth 2.0认证漏洞](/wsa/advanced/oauth/index.md)
- [OAuth授权类型](/wsa/advanced/oauth/grant-types.md)
- [OpenID Connect](/wsa/advanced/oauth/openid.md)
- [如何防范OAuth认证漏洞](/wsa/advanced/oauth/preventing.md)
- [JWT攻击](/wsa/advanced/jwt.md)
- [JWT攻击](/wsa/advanced/jwt/index.md)
- [在Burp Suite中使用JWT](/wsa/advanced/jwt/working-with-jwts-in-burp-suite.md)
- [算法混淆攻击](/wsa/advanced/jwt/algorithm-confusion.md)
- [原型污染](/wsa/advanced/prototype-pollution.md)
- [什么是原型污染？](/wsa/advanced/prototype-pollution/shen-me-shi-yuan-xing-wu-ran.md)
- [JavaScript原型和继承](/wsa/advanced/prototype-pollution/javascript-prototypes-and-inheritance.md)
- [客户端](/wsa/advanced/prototype-pollution/client-side.md)
- [客户端原型污染漏洞](/wsa/advanced/prototype-pollution/client-side/ke-hu-duan-yuan-xing-wu-ran-lou-dong.md)
- [通过浏览器API进行原型污染](/wsa/advanced/prototype-pollution/client-side/browser-apis.md)
- [服务器端](/wsa/advanced/prototype-pollution/server-side.md)
- [服务器端原型污染](/wsa/advanced/prototype-pollution/server-side/fu-wu-qi-duan-yuan-xing-wu-ran.md)
- [预防原型污染漏洞](/wsa/advanced/prototype-pollution/preventing.md)
- [基本技能](/wsa/advanced/essential-skills.md)
- [基本技能](/wsa/advanced/essential-skills/index.md)
- [使用编码混淆攻击](/wsa/advanced/essential-skills/obfuscating-attacks-using-encodings.md)
- [在手动测试中使用Burp Scanner](/wsa/advanced/essential-skills/using-burp-scanner-during-manual-testing.md)