Awesome-Mirrors/awesome-web-security
1
0
Fork 0
mirror of https://github.com/qazbnm456/awesome-web-security.git synced 2024-10-01 03:15:46 -04:00
Code Issues Packages Projects Releases Wiki Activity

Add the 'Clickjacking' section

Browse Source
This commit is contained in:
Boik 2019-08-25 22:49:27 +08:00
parent c15e0141f4
commit 2187998d25
3 changed files with 41 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
README-jp.md
View File

@ -29,6 +29,7 @@ If you enjoy this awesome list and would like to support it, check out my [Patre
- [FTP Injection](#ftp-injection)
- [XXE](#xxe---xml-external-entity)
- [CSRF](#csrf---cross-site-request-forgery)
- [Clickjacking](#clickjacking)
- [SSRF](#ssrf---server-side-request-forgery)
- [Web Cache Poisoning](#web-cache-poisoning)
- [Relative Path Overwrite](#relative-path-overwrite)
@ -56,6 +57,7 @@ If you enjoy this awesome list and would like to support it, check out my [Patre
- [Authentication](#evasions-authentication)
- [Tricks](#tricks)
- [CSRF](#tricks-csrf)
- [Clickjacking](#tricks-clickjacking)
- [Remote Code Execution](#tricks-rce)
- [XSS](#tricks-xss)
- [SQL Injection](#tricks-sql-injection)
@ -182,6 +184,12 @@ If you enjoy this awesome list and would like to support it, check out my [Patre
- [Wiping Out CSRF](https://medium.com/@jrozner/wiping-out-csrf-ded97ae7e83f) - Written by [@jrozner](https://medium.com/@jrozner).
<a name="clickjacking"></a>
### Clickjacking
- [Clickjacking](https://www.imperva.com/learn/application-security/clickjacking/) - Written by [Imperva](https://www.imperva.com/).
- [X-Frame-Options: All about Clickjacking?](https://github.com/cure53/Publications/blob/master/xfo-clickjacking.pdf?raw=true) - Written by [Mario Heiderich](http://www.slideshare.net/x00mario).
<a name="ssrf"></a>
### SSRF - Server-Side Request Forgery
@ -332,6 +340,11 @@ If you enjoy this awesome list and would like to support it, check out my [Patre
- [Stealing CSRF tokens with CSS injection (without iFrames)](https://github.com/dxa4481/cssInjection) - Written by [@dxa4481](https://github.com/dxa4481).
- [Cracking Javas RNG for CSRF - Javax Faces and Why CSRF Token Randomness Matters](https://blog.securityevaluators.com/cracking-javas-rng-for-csrf-ea9cacd231d2) - Written by [@rramgattie](https://blog.securityevaluators.com/@rramgattie).
<a name="tricks-clickjacking"></a>
### Clickjacking
- [Clickjackings in Google worth 14981.7$](https://medium.com/@raushanraj_65039/google-clickjacking-6a04132b918a) - Written by [@raushanraj_65039](https://medium.com/@raushanraj_65039).
<a name="tricks-rce"></a>
### Remote Code Execution

15
README-zh.md
View File

@ -29,6 +29,7 @@ If you enjoy this awesome list and would like to support it, check out my [Patre
- [FTP Injection](#ftp-injection)
- [XXE](#xxe---xml-external-entity)
- [CSRF](#csrf---cross-site-request-forgery)
- [Clickjacking](#clickjacking)
- [SSRF](#ssrf---server-side-request-forgery)
- [Web Cache Poisoning](#web-cache-poisoning)
- [Relative Path Overwrite](#relative-path-overwrite)
@ -56,6 +57,7 @@ If you enjoy this awesome list and would like to support it, check out my [Patre
- [Authentication](#evasions-authentication)
- [Tricks](#tricks)
- [CSRF](#tricks-csrf)
- [Clickjacking](#tricks-clickjacking)
- [Remote Code Execution](#tricks-rce)
- [XSS](#tricks-xss)
- [SQL Injection](#tricks-sql-injection)
@ -196,6 +198,13 @@ If you enjoy this awesome list and would like to support it, check out my [Patre
- [Wiping Out CSRF](https://medium.com/@jrozner/wiping-out-csrf-ded97ae7e83f) - Written by [@jrozner](https://medium.com/@jrozner).
- [讓我們來談談 CSRF](http://blog.techbridge.cc/2017/02/25/csrf-introduction/) - Written by [TechBridge](http://blog.techbridge.cc/).
<a name="clickjacking"></a>
### Clickjacking
- [Clickjacking](https://www.imperva.com/learn/application-security/clickjacking/) - Written by [Imperva](https://www.imperva.com/).
- [X-Frame-Options: All about Clickjacking?](https://github.com/cure53/Publications/blob/master/xfo-clickjacking.pdf?raw=true) - Written by [Mario Heiderich](http://www.slideshare.net/x00mario).
- [新增幾項設定來防範 Clickjacking Frame Attack](https://blog.m157q.tw/posts/2018/07/23/clickjacking-frame-attack-defense/) - Written by [M157q](https://blog.m157q.tw/).
<a name="ssrf"></a>
### SSRF - Server-Side Request Forgery
@ -359,6 +368,12 @@ If you enjoy this awesome list and would like to support it, check out my [Patre
- [Stealing CSRF tokens with CSS injection (without iFrames)](https://github.com/dxa4481/cssInjection) - Written by [@dxa4481](https://github.com/dxa4481).
- [Cracking Javas RNG for CSRF - Javax Faces and Why CSRF Token Randomness Matters](https://blog.securityevaluators.com/cracking-javas-rng-for-csrf-ea9cacd231d2) - Written by [@rramgattie](https://blog.securityevaluators.com/@rramgattie).
<a name="tricks-clickjacking"></a>
### Clickjacking
- [Clickjackings in Google worth 14981.7$](https://medium.com/@raushanraj_65039/google-clickjacking-6a04132b918a) - Written by [@raushanraj_65039](https://medium.com/@raushanraj_65039).
- [Bug Bounty 獎金獵人甘苦談 - 那些年我回報過的漏洞](https://speakerdeck.com/p8361/bug-bounty-jiang-jin-lie-ren-gan-ku-tan-na-xie-nian-wo-hui-bao-guo-de-lou-dong) - Written by [Orange](http://blog.orange.tw/).
<a name="tricks-rce"></a>
### Remote Code Execution

13
README.md
View File

@ -29,6 +29,7 @@ If you enjoy this awesome list and would like to support it, check out my [Patre
- [FTP Injection](#ftp-injection)
- [XXE](#xxe---xml-external-entity)
- [CSRF](#csrf---cross-site-request-forgery)
- [Clickjacking](#clickjacking)
- [SSRF](#ssrf---server-side-request-forgery)
- [Web Cache Poisoning](#web-cache-poisoning)
- [Relative Path Overwrite](#relative-path-overwrite)
@ -56,6 +57,7 @@ If you enjoy this awesome list and would like to support it, check out my [Patre
- [Authentication](#evasions-authentication)
- [Tricks](#tricks)
- [CSRF](#tricks-csrf)
- [Clickjacking](#tricks-clickjacking)
- [Remote Code Execution](#tricks-rce)
- [XSS](#tricks-xss)
- [SQL Injection](#tricks-sql-injection)
@ -179,6 +181,12 @@ If you enjoy this awesome list and would like to support it, check out my [Patre
- [Wiping Out CSRF](https://medium.com/@jrozner/wiping-out-csrf-ded97ae7e83f) - Written by [@jrozner](https://medium.com/@jrozner).
<a name="clickjacking"></a>
### Clickjacking
- [Clickjacking](https://www.imperva.com/learn/application-security/clickjacking/) - Written by [Imperva](https://www.imperva.com/).
- [X-Frame-Options: All about Clickjacking?](https://github.com/cure53/Publications/blob/master/xfo-clickjacking.pdf?raw=true) - Written by [Mario Heiderich](http://www.slideshare.net/x00mario).
<a name="ssrf"></a>
### SSRF - Server-Side Request Forgery
@ -329,6 +337,11 @@ If you enjoy this awesome list and would like to support it, check out my [Patre
- [Stealing CSRF tokens with CSS injection (without iFrames)](https://github.com/dxa4481/cssInjection) - Written by [@dxa4481](https://github.com/dxa4481).
- [Cracking Javas RNG for CSRF - Javax Faces and Why CSRF Token Randomness Matters](https://blog.securityevaluators.com/cracking-javas-rng-for-csrf-ea9cacd231d2) - Written by [@rramgattie](https://blog.securityevaluators.com/@rramgattie).
<a name="tricks-clickjacking"></a>
### Clickjacking
- [Clickjackings in Google worth 14981.7$](https://medium.com/@raushanraj_65039/google-clickjacking-6a04132b918a) - Written by [@raushanraj_65039](https://medium.com/@raushanraj_65039).
<a name="tricks-rce"></a>
### Remote Code Execution