# Server Attacks

- [Collisions](/leet-sheet/web-app-hacking/server-attacks/collisions.md)
- [Server Side Request Forgery](/leet-sheet/web-app-hacking/server-attacks/server-side-request-forgery.md): SSRF / Server Side Request Forgery
- [Redis SSRF](/leet-sheet/web-app-hacking/server-attacks/server-side-request-forgery/redis-ssrf.md)
- [Insecure Direct Object Reference](/leet-sheet/web-app-hacking/server-attacks/insecure-direct-object-reference.md)
- [Timing-Based Side-Channel Attacks](/leet-sheet/web-app-hacking/server-attacks/timing-based-side-channel-attacks.md)
- [Attacking Authentication Methods](/leet-sheet/web-app-hacking/server-attacks/attacking-authentication-methods.md)
- [JWT Attacks](/leet-sheet/web-app-hacking/server-attacks/attacking-authentication-methods/jwt-attacks.md)
- [Brute Forcing Web Forms](/leet-sheet/web-app-hacking/server-attacks/attacking-authentication-methods/brute-forcing-web-forms.md): Usually used to attack a login form
- [Loose Comparisons](/leet-sheet/web-app-hacking/server-attacks/loose-comparisons.md)
- [Unrestricted File Upload](/leet-sheet/web-app-hacking/server-attacks/page-3.md)
- [Insecure Deserialization](/leet-sheet/web-app-hacking/server-attacks/page-2.md)
- [Command Injection](/leet-sheet/web-app-hacking/server-attacks/page-1.md)
- [Path Traversal](/leet-sheet/web-app-hacking/server-attacks/path-traversal.md)
- [File Inclusion](/leet-sheet/web-app-hacking/server-attacks/file-inclusion.md)
- [Server-Side Template Injection](/leet-sheet/web-app-hacking/server-attacks/server-side-template-injection.md)
- [XML External Entities Injection (XXE)](/leet-sheet/web-app-hacking/server-attacks/xml-external-entities-injection-xxe.md)
- [Server Misconfigurations](/leet-sheet/web-app-hacking/server-attacks/server-misconfigurations.md)
- [Parser Inconsistencies](/leet-sheet/web-app-hacking/server-attacks/parser-inconsistencies.md)
- [Bypassing WAFs](/leet-sheet/web-app-hacking/server-attacks/bypassing-wafs.md): Bypass web application firewalls