Awesome Web Security Overview

🐶 A curated list of Web Security materials and resources.

🏠 Home · 🔥 Feed · 📮 Subscribe · ❤️ Sponsor · 😺 qazbnm456/awesome-web-security · ⭐ 9K · 🏷️ Security

[ Daily / Weekly / Overview ]

Awesome Web Security Awesome

🐶 Curated list of Web Security materials and resources.

Needless to say, most websites suffer from various types of bugs which may eventually lead to vulnerabilities. Why would this happen so often? There can be many factors involved including misconfiguration, shortage of engineers' security skills, etc. To combat this, here is a curated list of Web Security materials and resources for learning cutting edge penetration techniques, and I highly encourage you to read this article "So you want to be a web security researcher?" first.

Please read the contribution guidelines before contributing.


🌈 Want to strengthen your penetration skills?
I would recommend playing some awesome-ctfs.


If you enjoy this awesome list and would like to support it, check out my Patreon page :)
Also, don't forget to check out my repos 🐾 or say hi on my Twitter!

Contents

Digests

Forums

Introduction

XSS - Cross-Site Scripting

Prototype Pollution

CSV Injection

SQL Injection

Command Injection

ORM Injection

FTP Injection

XXE - XML eXternal Entity

CSRF - Cross-Site Request Forgery

Clickjacking

SSRF - Server-Side Request Forgery

Web Cache Poisoning

Relative Path Overwrite

Open Redirect

Security Assertion Markup Language (SAML)

Upload

Rails

AngularJS

ReactJS

SSL/TLS

Webmail

NFS

AWS

Azure

Fingerprint

Sub Domain Enumeration

Crypto

Web Shell

OSINT

DNS Rebinding

Deserialization

OAuth

JWT

Evasions

XXE

CSP

WAF

JSMVC

Authentication

Tricks

CSRF

Clickjacking

Remote Code Execution

XSS

SQL Injection

NoSQL Injection

FTP Injection

XXE

SSRF

Web Cache Poisoning

Header Injection

URL

Deserialization

OAuth

Others

Browser Exploitation

Frontend (like SOP bypass, URL spoofing, and something like that)

Backend (core of Browser implementation, and often refers to C or C++ part)

PoCs

Database

Cheetsheets

Tools

Auditing

Command Injection

Reconnaissance

OSINT - Open-Source Intelligence

Sub Domain Enumeration

Code Generating

Fuzzing

Scanning

Penetration Testing

Offensive

XSS - Cross-Site Scripting

SQL Injection

Template Injection

XXE

Cross Site Request Forgery

Server-Side Request Forgery

Leaking

Detecting

Preventing

Proxy

Webshell

Disassembler

Decompiler

DNS Rebinding

Others

Social Engineering Database

Blogs

Twitter Users

Practices

Application

AWS

XSS

ModSecurity / OWASP ModSecurity Core Rule Set

Community

Miscellaneous

Code of Conduct

Please note that this project is released with a Contributor Code of Conduct. By participating in this project you agree to abide by its terms.

License

CC0

To the extent possible under law, @qazbnm456 has waived all copyright and related or neighboring rights to this work.