# Server-side topics

- [Authentication vulnerabilities](/offsec-notes/portswigger-academy/server-side-topics/authentication-vulnerabilities.md): https://portswigger.net/web-security/authentication
- [OS Command Injection](/offsec-notes/portswigger-academy/server-side-topics/os-command-injection.md): https://portswigger.net/web-security/os-command-injection
- [File Path Traversal](/offsec-notes/portswigger-academy/server-side-topics/file-path-traversal.md): https://portswigger.net/web-security/file-path-traversal
- [Business logic vulnerabilities](/offsec-notes/portswigger-academy/server-side-topics/business-logic-vulnerabilities.md): https://portswigger.net/web-security/logic-flaws
- [Information disclosure vulnerabilities](/offsec-notes/portswigger-academy/server-side-topics/information-disclosure-vulnerabilities.md): https://portswigger.net/web-security/information-disclosure
- [Access control vulnerabilities and privilege escalation](/offsec-notes/portswigger-academy/server-side-topics/access-control-vulnerabilities-and-privilege-escalation.md): https://portswigger.net/web-security/access-control
- [File upload vulnerabilities](/offsec-notes/portswigger-academy/server-side-topics/file-upload-vulnerabilities.md): https://portswigger.net/web-security/file-upload
- [Server-side request forgery (SSRF)](/offsec-notes/portswigger-academy/server-side-topics/server-side-request-forgery-ssrf.md): https://portswigger.net/web-security/ssrf
- [XML external entity (XXE) injection](/offsec-notes/portswigger-academy/server-side-topics/xml-external-entity-xxe-injection.md): https://portswigger.net/web-security/xxe