# Client-side topics

- [Cross-site scripting](/offsec-notes/portswigger-academy/client-side-topics/cross-site-scripting.md): https://portswigger.net/web-security/cross-site-scripting
- [Cross-origin resource sharing (CORS)](/offsec-notes/portswigger-academy/client-side-topics/cross-origin-resource-sharing-cors.md): https://portswigger.net/web-security/cors
- [Cross-site request forgery (CSRF)](/offsec-notes/portswigger-academy/client-side-topics/cross-site-request-forgery-csrf.md): https://portswigger.net/web-security/csrf
- [Clickjacking (UI redressing)](/offsec-notes/portswigger-academy/client-side-topics/clickjacking-ui-redressing.md): https://portswigger.net/web-security/clickjacking
- [DOM-based vulnerabilities](/offsec-notes/portswigger-academy/client-side-topics/dom-based-vulnerabilities.md): https://portswigger.net/web-security/dom-based
- [Testing for WebSockets security vulnerabilities](/offsec-notes/portswigger-academy/client-side-topics/testing-for-websockets-security-vulnerabilities.md): https://portswigger.net/web-security/websockets