# Web application attacks

- [Command injection](/4.-exploitation/web-application-attacks/command-injection.md)
- [Cross site scripting](/4.-exploitation/web-application-attacks/cross-site-scripting.md)
- [Directory traversal](/4.-exploitation/web-application-attacks/directory-traversal.md)
- [File inclusion](/4.-exploitation/web-application-attacks/file-inclusion.md)
- [SQL injection](/4.-exploitation/web-application-attacks/sql-injection.md)