These notes are public, opinionated, and evolving — read abdelkader.ma for the long-form posts.
Web SecurityOverview

Web Security

This section is the centre of gravity for the whole notebook. Almost every engagement I take, every CTF I play, and every bug bounty report I write touches one of these classes.

The pages here are intentionally short. Each one solves one problem — the moment a target reveals it has SQL injection, you should be able to open the right page in 20 seconds and know what to try first.

Pages

More pages get added when I learn something worth writing down. The reading order does not matter.

SQL Injection Basics