https://diesec.home.blog/2021/06/05/elearnsecurity-web-application-penetration-tester-extreme-ewptxv2/
https://blog.elearnsecurity.com/focus-on-the-web-application-penetration-testing-extreme-training-course-waptx.html
https://medium.com/@klockw3rk/elearnsecurity-web-application-penetration-testing-course-wapt-ewpt-2f7480120b8e
https://www.linkedin.com/pulse/como-se-tornar-um-engenheiro-e-mestre-em-offensive-dos-santos/?originalSubdomain=pt
https://www.ethicalhacker.net/features/root/course-review-elearnsecurity-waptx-webapp-pentester-extreme/
https://community.infosecinstitute.com/discussion/129064/elearningsecurity-advanced-web-application-penetration-tester-ewptx-review
https://www.reddit.com/r/netsecstudents/comments/73728a/experience_with_elearnsecurity_web_application/
https://repo.zenk-security.com/Techniques%20d.attaques%20%20.%20%20Failles/LDAP%20Injection%20and%20Blind%20LDAP%20Injection.pdf
https://www.researchgate.net/publication/220049933_Vulnerabilities_of_LDAP_As_An_Authentication_Service
https://repo.zenk-security.com/Techniques%20d.attaques%20%20.%20%20Failles/LDAP%20Injection%20and%20Blind%20LDAP%20Injection.pdf
https://www.computerworld.com/article/3135727/attackers-abuse-exposed-ldap-servers-to-amplify-ddos-attacks.html
https://portswigger.net/daily-swig/vulnerabilities-in-single-sign-on-services-could-be-abused-to-bypass-authentication-controls
https://www.netspi.com/blog/technical/web-application-penetration-testing/attacking-sso-common-saml-vulnerabilities-ways-find/
https://www.researchgate.net/publication/257006846_An_authentication_flaw_in_browser-based_Single_Sign-On_protocols_Impact_and_remediations
https://www.okta.com/resources/whitepaper/5-identity-attacks-that-exploit-your-broken-authentication/
https://www.sciencedirect.com/topics/computer-science/server-side-attack#:~:text=Server%2Dside%20attacks%20(also%20called,client)%20to%20a%20listening%20service.&text=Patching%2C%20system%20hardening%2C%20firewalls%2C,depth%20mitigate%20server%2Dside%20attacks.
- Subtopic 1
https://knowledge-base.secureflag.com/vulnerabilities/unvalidated_redirects_forwards/server_side_request_forgery_vulnerability.html
https://github.com/OWASP/www-community/blob/master/pages/attacks/Server-Side_Includes_(SSI)_Injection.md
https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Server_Side_Request_Forgery_Prevention_Cheat_Sheet.md
https://github.com/OWASP/www-project-web-security-testing-guide/blob/master/latest/6-Appendix/D-Encoded_Injection.md
https://github.com/OWASP/wstg/blob/master/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/01-Testing_for_Reflected_Cross_Site_Scripting.md
https://docs.citrix.com/en-us/citrix-adc/current-release/application-firewall/top-level-protections/xml-entity-attack-protection.html
https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.md
https://null-byte.wonderhowto.com/how-to/advanced-techniques-bypass-defeat-xss-filters-part-1-0190257/
https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html
https://www.veracode.com/security/cross-site-request-forgery-guide-learn-all-about-csrf-attacks-and-csrf-protection
https://blog.sessionstack.com/how-javascript-works-csrf-attacks-7-mitigation-strategies-757dfb08e7a6
https://blog.qualys.com/vulnerabilities-threat-research/2015/01/14/do-your-anti-csrf-tokens-really-protect-your-applications-from-csrf-attack
https://security.stackexchange.com/questions/241149/sqli-filter-bypass-with-banned-table-column-names
https://www.reblaze.com/blog/serialization-attacks-what-they-are-and-how-to-prevent-them/#:~:text=A%20serialization%20attack%20happens%20when,into%20an%20in%2Dmemory%20structure.
https://securityboulevard.com/2018/06/deserialization-vulnerabilities-attacking-deserialization-in-js/
https://portswigger.net/web-security/deserialization#:~:text=Insecure%20deserialization%20is%20when%20user,data%20into%20the%20application%20code.&text=For%20this%20reason%2C%20insecure%20deserialization,an%20%22object%20injection%22%20vulnerability.
https://www.csoonline.com/article/3253572/what-is-cryptojacking-how-to-prevent-detect-and-recover-from-it.html
https://arstechnica.com/information-technology/2013/03/new-attacks-on-ssl-decrypt-authentication-cookies/
https://www.securitycompassadvisory.com/blog/api-security-testing-best-practices-key-vulnerabilities/
https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Cloud%20-%20Azure%20Pentest.md
XMind - Evaluation Version