Awesome Web Security Awesome

🐶 Curated list of Web Security materials and resources.

Needless to say, most websites suffer from various types of bugs which may eventually lead to vulnerabilities. Why would this happen so often? There can be many factors involved including misconfiguration, shortage of engineers' security skills, etc. To combat this, here is a curated list of Web Security materials and resources for learning cutting edge penetration techniques, and I highly encourage you to read this article "So you want to be a web security researcher?" first.

Please read the contribution guidelines before contributing.



If you enjoy this awesome list and would like to support it, check out my Patreon page :)Also, don't forget to check out my repos 🐾 or say hi on my Twitter!

Contents

Forums

Resources

Tips

XSS - Cross-Site Scripting

CSV Injection

SQL Injection

Command Injection

ORM Injection

FTP Injection

XXE - XML eXternal Entity

CSRF - Cross-Site Request Forgery

SSRF - Server-Side Request Forgery

Open Redirect

Rails

AngularJS

ReactJS

SSL/TLS

Webmail

NFS

AWS

Fingerprint

Sub Domain Enumeration

Crypto

Web Shell

OSINT

Books

Evasions

CSP

WAF

JSMVC

Authentication

Tricks

CSRF

Remote Code Execution

XSS

SQL Injection

NoSQL Injection

FTP Injection

XXE

SSRF

Header Injection

URL

Others

Browser Exploitation

Frontend (like SOP bypass, URL spoofing, and something like that)

Backend (core of Browser implementation, and often refers to C or C++ part)

PoCs

Database

Tools

Auditing

Command Injection

Reconnaissance

OSINT - Open-Source Intelligence

Sub Domain Enumeration

Code Generating

Fuzzing

Penetration Testing

Offensive

XSS - Cross-Site Scripting

SQL Injection

Template Injection

Leaking

Detecting

Preventing

Proxy

Webshell

Disassembler

Decompiler

Others

Social Engineering Database

use at your own risk

Blogs

Twitter Users

Practices

Application

AWS

XSS

ModSecurity / OWASP ModSecurity Core Rule Set

Community

Miscellaneous

Code of Conduct

Please note that this project is released with a Contributor Code of Conduct. By participating in this project you agree to abide by its terms.

License

CC0

To the extent possible under law, @qazbnm456 has waived all copyright and related or neighboring rights to this work.