Skip to content

Web Languages

HTML/CSS , JavaScript , TypeScript , PHP — the browser and the server-side glue that makes the web render and the APIs that feed it. Every security bug that matters in web applications lives somewhere in these languages — DOM clobbering in HTML , prototype pollution in JS , type confusion in TypeScript , the endless PHP CVEs that keep the InfoSec industry employed. Start here if you're testing web apps or building frontends

what you'll find here

  • HTML & CSS — DOM structure , selectors , layout , accessibility , security (XSS , CSP)
  • JavaScript — ES6+ , closures , prototypes , async , DOM API , security (XSS , prototype pollution)
  • TypeScript — Types , interfaces , generics , advanced types , security (type confusion , unsafe casts)
  • PHP — Server-side scripting , superglobals , sessions , security (the long list of PHP footguns)

first topic -> html-css.md