appsec.fyi

Security Comparisons

15 side-by-side breakdowns of commonly confused security concepts.

Authentication vs Authorization Bug Bounty vs Penetration Testing DAST vs IAST vs RASP IDOR vs BOLA OAuth 2.0 vs SAML Penetration Testing vs Red Teaming SAST vs DAST SBOM vs SLSA SCA vs SAST SQL Injection vs NoSQL Injection SSRF vs CSRF Input Validation vs Output Encoding WAF vs RASP Stored XSS vs Reflected XSS vs DOM XSS XSS vs CSRF