Merge 92baea3898905a4b2452a90c3a5996b690c49b3e into 37d1ea643dc9de9ffc698036b71088dcf0d9d8a5

mazzma12 2022-05-05 14:37:20 +00:00 committed by GitHub
commit ccfb699849
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 315 additions and 294 deletions


@ -18,104 +18,110 @@ If you enjoy this awesome list and would like to support it, check out my [Patre
## Contents
- [Digests](#digests)
- [Forums](#forums)
- [Introduction](#intro)
- [XSS](#xss---cross-site-scripting)
- [Prototype Pollution](#prototype-pollution)
- [CSV Injection](#csv-injection)
- [SQL Injection](#sql-injection)
- [Command Injection](#command-injection)
- [ORM Injection](#orm-injection)
- [FTP Injection](#ftp-injection)
- [XXE](#xxe---xml-external-entity)
- [CSRF](#csrf---cross-site-request-forgery)
- [Clickjacking](#clickjacking)
- [SSRF](#ssrf---server-side-request-forgery)
- [Web Cache Poisoning](#web-cache-poisoning)
- [Relative Path Overwrite](#relative-path-overwrite)
- [Open Redirect](#open-redirect)
- [SAML](#saml)
- [Upload](#upload)
- [Rails](#rails)
- [AngularJS](#angularjs)
- [ReactJS](#reactjs)
- [SSL/TLS](#ssltls)
- [Webmail](#webmail)
- [NFS](#nfs)
- [AWS](#aws)
- [Azure](#azure)
- [Fingerprint](#fingerprint)
- [Sub Domain Enumeration](#sub-domain-enumeration)
- [Crypto](#crypto)
- [Web Shell](#web-shell)
- [OSINT](#osint)
- [DNS Rebinding](#dns-rebinding)
- [Deserialization](#deserialization)
- [OAuth](#oauth)
- [JWT](#jwt)
- [Evasions](#evasions)
- [XXE](#evasions-xxe)
- [CSP](#evasions-csp)
- [WAF](#evasions-waf)
- [JSMVC](#evasions-jsmvc)
- [Authentication](#evasions-authentication)
- [Tricks](#tricks)
- [CSRF](#tricks-csrf)
- [Clickjacking](#tricks-clickjacking)
- [Remote Code Execution](#tricks-rce)
- [XSS](#tricks-xss)
- [SQL Injection](#tricks-sql-injection)
- [NoSQL Injection](#tricks-nosql-injection)
- [FTP Injection](#tricks-ftp-injection)
- [XXE](#tricks-xxe)
- [SSRF](#tricks-ssrf)
- [Web Cache Poisoning](#tricks-web-cache-poisoning)
- [Header Injection](#tricks-header-injection)
- [URL](#tricks-url)
- [Deserialization](#tricks-deserialization)
- [OAuth](#tricks-oauth)
- [Others](#tricks-others)
- [Browser Exploitation](#browser-exploitation)
- [PoCs](#pocs)
- [Database](#pocs-database)
- [Cheetsheets](#cheetsheets)
- [Tools](#tools)
- [Auditing](#tools-auditing)
- [Command Injection](#tools-command-injection)
- [Reconnaissance](#tools-reconnaissance)
- [OSINT](#tools-osint)
- [Sub Domain Enumeration](#tools-sub-domain-enumeration)
- [Code Generating](#tools-code-generating)
- [Fuzzing](#tools-fuzzing)
- [Scanning](#tools-scanning)
- [Penetration Testing](#tools-penetration-testing)
- [Leaking](#tools-leaking)
- [Offensive](#tools-offensive)
- [XSS](#tools-xss)
- [SQL Injection](#tools-sql-injection)
- [Template Injection](#tools-template-injection)
- [XXE](#tools-xxe)
- [CSRF](#tools-csrf)
- [SSRF](#tools-ssrf)
- [Detecting](#tools-detecting)
- [Preventing](#tools-preventing)
- [Proxy](#tools-proxy)
- [Webshell](#tools-webshell)
- [Disassembler](#tools-disassembler)
- [Decompiler](#tools-decompiler)
- [DNS Rebinding](#tools-dns-rebinding)
- [Others](#tools-others)
- [Social Engineering Database](#social-engineering-database)
- [Blogs](#blogs)
- [Twitter Users](#twitter-users)
- [Practices](#practices)
- [Application](#practices-application)
- [AWS](#practices-aws)
- [XSS](#practices-xss)
- [ModSecurity / OWASP ModSecurity Core Rule Set](#practices-modsecurity)
- [Community](#community)
- [Miscellaneous](#miscellaneous)
- [Awesome Web Security - JP ![Awesome](https://github.com/sindresorhus/awesome)](#awesome-web-security---jp-)
- [Contents](#contents)
- [Digests](#digests)
- [Forums](#forums)
- [Introduction](#introduction)
- [XSS - Cross-Site Scripting](#xss---cross-site-scripting)
- [Prototype Pollution](#prototype-pollution)
- [CSV Injection](#csv-injection)
- [SQL Injection](#sql-injection)
- [Command Injection](#command-injection)
- [ORM Injection](#orm-injection)
- [FTP Injection](#ftp-injection)
- [XXE - XML eXternal Entity](#xxe---xml-external-entity)
- [CSRF - Cross-Site Request Forgery](#csrf---cross-site-request-forgery)
- [Clickjacking](#clickjacking)
- [SSRF - Server-Side Request Forgery](#ssrf---server-side-request-forgery)
- [Web Cache Poisoning](#web-cache-poisoning)
- [Relative Path Overwrite](#relative-path-overwrite)
- [Open Redirect](#open-redirect)
- [Security Assertion Markup Language (SAML)](#security-assertion-markup-language-saml)
- [Upload](#upload)
- [Rails](#rails)
- [AngularJS](#angularjs)
- [ReactJS](#reactjs)
- [SSL/TLS](#ssltls)
- [Webmail](#webmail)
- [NFS](#nfs)
- [AWS](#aws)
- [Azure](#azure)
- [Fingerprint](#fingerprint)
- [Sub Domain Enumeration](#sub-domain-enumeration)
- [Crypto](#crypto)
- [Web Shell](#web-shell)
- [OSINT](#osint)
- [DNS Rebinding](#dns-rebinding)
- [Deserialization](#deserialization)
- [OAuth](#oauth)
- [JWT](#jwt)
- [Evasions](#evasions)
- [XXE](#xxe)
- [CSP](#csp)
- [WAF](#waf)
- [JSMVC](#jsmvc)
- [Authentication](#authentication)
- [Tricks](#tricks)
- [CSRF](#csrf)
- [Clickjacking](#clickjacking-1)
- [Remote Code Execution](#remote-code-execution)
- [XSS](#xss)
- [SQL Injection](#sql-injection-1)
- [NoSQL Injection](#nosql-injection)
- [FTP Injection](#ftp-injection-1)
- [XXE](#xxe-1)
- [SSRF](#ssrf)
- [Web Cache Poisoning](#web-cache-poisoning-1)
- [Header Injection](#header-injection)
- [URL](#url)
- [Deserialization](#deserialization-1)
- [OAuth](#oauth-1)
- [Others](#others)
- [Browser Exploitation](#browser-exploitation)
- [Frontend (like SOP bypass, URL spoofing, and something like that)](#frontend-like-sop-bypass-url-spoofing-and-something-like-that)
- [Backend (core of Browser implementation, and often refers to C or C++ part)](#backend-core-of-browser-implementation-and-often-refers-to-c-or-c-part)
- [PoCs](#pocs)
- [Database](#database)
- [Cheetsheets](#cheetsheets)
- [Tools](#tools)
- [Auditing](#auditing)
- [Command Injection](#command-injection-1)
- [Reconnaissance](#reconnaissance)
- [OSINT - Open-Source Intelligence](#osint---open-source-intelligence)
- [Sub Domain Enumeration](#sub-domain-enumeration-1)
- [Code Generating](#code-generating)
- [Fuzzing](#fuzzing)
- [Scanning](#scanning)
- [Penetration Testing](#penetration-testing)
- [Offensive](#offensive)
- [XSS - Cross-Site Scripting](#xss---cross-site-scripting-1)
- [SQL Injection](#sql-injection-2)
- [Template Injection](#template-injection)
- [XXE](#xxe-2)
- [Cross Site Request Forgery](#cross-site-request-forgery)
- [Server-Side Request Forgery](#server-side-request-forgery)
- [Leaking](#leaking)
- [Detecting](#detecting)
- [Preventing](#preventing)
- [Proxy](#proxy)
- [Webshell](#webshell)
- [Disassembler](#disassembler)
- [Decompiler](#decompiler)
- [DNS Rebinding](#dns-rebinding-1)
- [Others](#others-1)
- [Social Engineering Database](#social-engineering-database)
- [Blogs](#blogs)
- [Twitter Users](#twitter-users)
- [Practices](#practices)
- [Application](#application)
- [AWS](#aws-1)
- [XSS](#xss-1)
- [ModSecurity / OWASP ModSecurity Core Rule Set](#modsecurity--owasp-modsecurity-core-rule-set)
- [Community](#community)
- [Miscellaneous](#miscellaneous)
- [Code of Conduct](#code-of-conduct)
- [License](#license)
## Digests
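Review bot: the regenerated table of contents in this hunk lists the page's own title entry (`Awesome Web Security - JP ![Awesome](...)`) and a `Contents` entry that points at the heading it sits under; both should be dropped, since they add a self-link and put a badge image inside a link. The new entries also move from the file's explicit anchors (`#intro`, `#evasions-xxe`, `#tools-preventing`) to GitHub's auto-generated heading slugs with positional suffixes (`#xxe`, `#xxe-1`, `#xxe-2`, `#clickjacking-1`), which silently break whenever a section is inserted or reordered, while the `<a name="...">` anchors still in the file (for example `<a name="tools-preventing"></a>` in the next hunk) become dead. Suggest keeping one anchoring scheme: either point the TOC back at the explicit anchors or remove the `<a name>` tags in the same change. `Cheetsheets` carries the existing misspelling through; correcting it needs the heading changed as well so the slug still matches.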
@ -741,6 +747,7 @@ If you enjoy this awesome list and would like to support it, check out my [Patre
<a name="tools-preventing"></a>
### Preventing
- [CrowdSec](https://github.com/crowdsecurity/crowdsec) A next-gen collaborative IPS, written in Go, able to analyze visitor behavior & provide an adapted response to all kinds of attacks. Users can share their alerts about threats with the community and benefit from the network effect.
- [DOMPurify](https://github.com/cure53/DOMPurify) - DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG by [Cure53](https://cure53.de/).
- [js-xss](https://github.com/leizongmin/js-xss) - Sanitize untrusted HTML (to prevent XSS) with a configuration specified by a Whitelist by [@leizongmin](https://github.com/leizongmin).
- [Acra](https://github.com/cossacklabs/acra) - Client-side encryption engine for SQL databases, with strong selective encryption, SQL injections prevention and intrusion detection by [@cossacklabs](https://www.cossacklabs.com/).
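Review bot: the added CrowdSec line does not follow the entry format used by the rest of the list, which puts ` - ` between the link and the description and closes with a `by [author](url)` attribution; it should read along the lines of `- [CrowdSec](https://github.com/crowdsecurity/crowdsec) - Collaborative IPS that analyzes visitor behaviour, shares alerts with the community and responds to attacks, by [@crowdsecurity](https://github.com/crowdsecurity).` The current description also reads like product copy ("next-gen", "benefit from the network effect"); trimming it to what the tool does keeps it in line with the DOMPurify, js-xss and Acra entries.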


@ -18,104 +18,110 @@ If you enjoy this awesome list and would like to support it, check out my [Patre
## Contents
- [Digests](#digests)
- [Forums](#forums)
- [Introduction](#intro)
- [XSS](#xss---cross-site-scripting)
- [Prototype Pollution](#prototype-pollution)
- [CSV Injection](#csv-injection)
- [SQL Injection](#sql-injection)
- [Command Injection](#command-injection)
- [ORM Injection](#orm-injection)
- [FTP Injection](#ftp-injection)
- [XXE](#xxe---xml-external-entity)
- [CSRF](#csrf---cross-site-request-forgery)
- [Clickjacking](#clickjacking)
- [SSRF](#ssrf---server-side-request-forgery)
- [Web Cache Poisoning](#web-cache-poisoning)
- [Relative Path Overwrite](#relative-path-overwrite)
- [Open Redirect](#open-redirect)
- [SAML](#saml)
- [Upload](#upload)
- [Rails](#rails)
- [AngularJS](#angularjs)
- [ReactJS](#reactjs)
- [SSL/TLS](#ssltls)
- [Webmail](#webmail)
- [NFS](#nfs)
- [AWS](#aws)
- [Azure](#azure)
- [Fingerprint](#fingerprint)
- [Sub Domain Enumeration](#sub-domain-enumeration)
- [Crypto](#crypto)
- [Web Shell](#web-shell)
- [OSINT](#osint)
- [DNS Rebinding](#dns-rebinding)
- [Deserialization](#deserialization)
- [OAuth](#oauth)
- [JWT](#jwt)
- [Evasions](#evasions)
- [XXE](#evasions-xxe)
- [CSP](#evasions-csp)
- [WAF](#evasions-waf)
- [JSMVC](#evasions-jsmvc)
- [Authentication](#evasions-authentication)
- [Tricks](#tricks)
- [CSRF](#tricks-csrf)
- [Clickjacking](#tricks-clickjacking)
- [Remote Code Execution](#tricks-rce)
- [XSS](#tricks-xss)
- [SQL Injection](#tricks-sql-injection)
- [NoSQL Injection](#tricks-nosql-injection)
- [FTP Injection](#tricks-ftp-injection)
- [XXE](#tricks-xxe)
- [SSRF](#tricks-ssrf)
- [Web Cache Poisoning](#tricks-web-cache-poisoning)
- [Header Injection](#tricks-header-injection)
- [URL](#tricks-url)
- [Deserialization](#tricks-deserialization)
- [OAuth](#tricks-oauth)
- [Others](#tricks-others)
- [Browser Exploitation](#browser-exploitation)
- [PoCs](#pocs)
- [Database](#pocs-database)
- [Cheetsheets](#cheetsheets)
- [Tools](#tools)
- [Auditing](#tools-auditing)
- [Command Injection](#tools-command-injection)
- [Reconnaissance](#tools-reconnaissance)
- [OSINT](#tools-osint)
- [Sub Domain Enumeration](#tools-sub-domain-enumeration)
- [Code Generating](#tools-code-generating)
- [Fuzzing](#tools-fuzzing)
- [Scanning](#tools-scanning)
- [Penetration Testing](#tools-penetration-testing)
- [Leaking](#tools-leaking)
- [Offensive](#tools-offensive)
- [XSS](#tools-xss)
- [SQL Injection](#tools-sql-injection)
- [Template Injection](#tools-template-injection)
- [XXE](#tools-xxe)
- [CSRF](#tools-csrf)
- [SSRF](#tools-ssrf)
- [Detecting](#tools-detecting)
- [Preventing](#tools-preventing)
- [Proxy](#tools-proxy)
- [Webshell](#tools-webshell)
- [Disassembler](#tools-disassembler)
- [Decompiler](#tools-decompiler)
- [DNS Rebinding](#tools-dns-rebinding)
- [Others](#tools-others)
- [Social Engineering Database](#social-engineering-database)
- [Blogs](#blogs)
- [Twitter Users](#twitter-users)
- [Practices](#practices)
- [Application](#practices-application)
- [AWS](#practices-aws)
- [XSS](#practices-xss)
- [ModSecurity / OWASP ModSecurity Core Rule Set](#practices-modsecurity)
- [Community](#community)
- [Miscellaneous](#miscellaneous)
- [Awesome Web Security - ZH ![Awesome](https://github.com/sindresorhus/awesome)](#awesome-web-security---zh-)
- [Contents](#contents)
- [Digests](#digests)
- [Forums](#forums)
- [Introduction](#introduction)
- [XSS - Cross-Site Scripting](#xss---cross-site-scripting)
- [Prototype Pollution](#prototype-pollution)
- [CSV Injection](#csv-injection)
- [SQL Injection](#sql-injection)
- [Command Injection](#command-injection)
- [ORM Injection](#orm-injection)
- [FTP Injection](#ftp-injection)
- [XXE - XML eXternal Entity](#xxe---xml-external-entity)
- [CSRF - Cross-Site Request Forgery](#csrf---cross-site-request-forgery)
- [Clickjacking](#clickjacking)
- [SSRF - Server-Side Request Forgery](#ssrf---server-side-request-forgery)
- [Web Cache Poisoning](#web-cache-poisoning)
- [Relative Path Overwrite](#relative-path-overwrite)
- [Open Redirect](#open-redirect)
- [Security Assertion Markup Language (SAML)](#security-assertion-markup-language-saml)
- [Upload](#upload)
- [Rails](#rails)
- [AngularJS](#angularjs)
- [ReactJS](#reactjs)
- [SSL/TLS](#ssltls)
- [Webmail](#webmail)
- [NFS](#nfs)
- [AWS](#aws)
- [Azure](#azure)
- [Fingerprint](#fingerprint)
- [Sub Domain Enumeration](#sub-domain-enumeration)
- [Crypto](#crypto)
- [Web Shell](#web-shell)
- [OSINT](#osint)
- [DNS Rebinding](#dns-rebinding)
- [Deserialization](#deserialization)
- [OAuth](#oauth)
- [JWT](#jwt)
- [Evasions](#evasions)
- [XXE](#xxe)
- [CSP](#csp)
- [WAF](#waf)
- [JSMVC](#jsmvc)
- [Authentication](#authentication)
- [Tricks](#tricks)
- [CSRF](#csrf)
- [Clickjacking](#clickjacking-1)
- [Remote Code Execution](#remote-code-execution)
- [XSS](#xss)
- [SQL Injection](#sql-injection-1)
- [NoSQL Injection](#nosql-injection)
- [FTP Injection](#ftp-injection-1)
- [XXE](#xxe-1)
- [SSRF](#ssrf)
- [Web Cache Poisoning](#web-cache-poisoning-1)
- [Header Injection](#header-injection)
- [URL](#url)
- [Deserialization](#deserialization-1)
- [OAuth](#oauth-1)
- [Others](#others)
- [Browser Exploitation](#browser-exploitation)
- [Frontend (like SOP bypass, URL spoofing, and something like that)](#frontend-like-sop-bypass-url-spoofing-and-something-like-that)
- [Backend (core of Browser implementation, and often refers to C or C++ part)](#backend-core-of-browser-implementation-and-often-refers-to-c-or-c-part)
- [PoCs](#pocs)
- [Database](#database)
- [Cheetsheets](#cheetsheets)
- [Tools](#tools)
- [Auditing](#auditing)
- [Command Injection](#command-injection-1)
- [Reconnaissance](#reconnaissance)
- [OSINT - Open-Source Intelligence](#osint---open-source-intelligence)
- [Sub Domain Enumeration](#sub-domain-enumeration-1)
- [Code Generating](#code-generating)
- [Fuzzing](#fuzzing)
- [Scanning](#scanning)
- [Penetration Testing](#penetration-testing)
- [Offensive](#offensive)
- [XSS - Cross-Site Scripting](#xss---cross-site-scripting-1)
- [SQL Injection](#sql-injection-2)
- [Template Injection](#template-injection)
- [XXE](#xxe-2)
- [Cross Site Request Forgery](#cross-site-request-forgery)
- [Server-Side Request Forgery](#server-side-request-forgery)
- [Leaking](#leaking)
- [Detecting](#detecting)
- [Preventing](#preventing)
- [Proxy](#proxy)
- [Webshell](#webshell)
- [Disassembler](#disassembler)
- [Decompiler](#decompiler)
- [DNS Rebinding](#dns-rebinding-1)
- [Others](#others-1)
- [Social Engineering Database](#social-engineering-database)
- [Blogs](#blogs)
- [Twitter Users](#twitter-users)
- [Practices](#practices)
- [Application](#application)
- [AWS](#aws-1)
- [XSS](#xss-1)
- [ModSecurity / OWASP ModSecurity Core Rule Set](#modsecurity--owasp-modsecurity-core-rule-set)
- [Community](#community)
- [Miscellaneous](#miscellaneous)
- [Code of Conduct](#code-of-conduct)
- [License](#license)
## Digests
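Review bot: the new table of contents in this hunk includes the document's own title (`Awesome Web Security - ZH ![Awesome](...)`) and a `Contents` entry linking to itself; both are artefacts of the generator and should be removed, as they add a self-link and nest a badge image inside a TOC link. The entries also replace the explicit anchors the file used (`#intro`, `#evasions-xxe`, `#tools-preventing`) with auto-generated slugs that carry positional suffixes (`#xxe`, `#xxe-1`, `#xxe-2`, `#clickjacking-1`); those suffixes change when sections are added or moved, and the `<a name="...">` anchors still present in the file (see `<a name="tools-preventing"></a>` in the next hunk) are left unused. Pick one scheme and apply it consistently, and if `Cheetsheets` is to be corrected, change the heading together with the TOC entry so the slug still resolves.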
@ -788,6 +794,7 @@ If you enjoy this awesome list and would like to support it, check out my [Patre
<a name="tools-preventing"></a>
### Preventing
- [CrowdSec](https://github.com/crowdsecurity/crowdsec) A next-gen collaborative IPS, written in Go, able to analyze visitor behavior & provide an adapted response to all kinds of attacks. Users can share their alerts about threats with the community and benefit from the network effect.
- [DOMPurify](https://github.com/cure53/DOMPurify) - DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG by [Cure53](https://cure53.de/).
- [js-xss](https://github.com/leizongmin/js-xss) - Sanitize untrusted HTML (to prevent XSS) with a configuration specified by a Whitelist by [@leizongmin](https://github.com/leizongmin).
- [Acra](https://github.com/cossacklabs/acra) - Client-side encryption engine for SQL databases, with strong selective encryption, SQL injections prevention and intrusion detection by [@cossacklabs](https://www.cossacklabs.com/).
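Review bot: the CrowdSec entry added here omits the ` - ` separator and the trailing `by [author](url)` attribution that every other line in this Preventing list uses; suggest `- [CrowdSec](https://github.com/crowdsecurity/crowdsec) - Collaborative IPS that analyzes visitor behaviour, shares alerts with the community and responds to attacks, by [@crowdsecurity](https://github.com/crowdsecurity).` The marketing phrasing ("next-gen", "network effect") should be trimmed to a plain statement of what the tool does, matching the neighbouring entries.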

203
README.md

@ -18,104 +18,110 @@ If you enjoy this awesome list and would like to support it, check out my [Patre
## Contents
- [Digests](#digests)
- [Forums](#forums)
- [Introduction](#intro)
- [XSS](#xss---cross-site-scripting)
- [Prototype Pollution](#prototype-pollution)
- [CSV Injection](#csv-injection)
- [SQL Injection](#sql-injection)
- [Command Injection](#command-injection)
- [ORM Injection](#orm-injection)
- [FTP Injection](#ftp-injection)
- [XXE](#xxe---xml-external-entity)
- [CSRF](#csrf---cross-site-request-forgery)
- [Clickjacking](#clickjacking)
- [SSRF](#ssrf---server-side-request-forgery)
- [Web Cache Poisoning](#web-cache-poisoning)
- [Relative Path Overwrite](#relative-path-overwrite)
- [Open Redirect](#open-redirect)
- [SAML](#saml)
- [Upload](#upload)
- [Rails](#rails)
- [AngularJS](#angularjs)
- [ReactJS](#reactjs)
- [SSL/TLS](#ssltls)
- [Webmail](#webmail)
- [NFS](#nfs)
- [AWS](#aws)
- [Azure](#azure)
- [Fingerprint](#fingerprint)
- [Sub Domain Enumeration](#sub-domain-enumeration)
- [Crypto](#crypto)
- [Web Shell](#web-shell)
- [OSINT](#osint)
- [DNS Rebinding](#dns-rebinding)
- [Deserialization](#deserialization)
- [OAuth](#oauth)
- [JWT](#jwt)
- [Evasions](#evasions)
- [XXE](#evasions-xxe)
- [CSP](#evasions-csp)
- [WAF](#evasions-waf)
- [JSMVC](#evasions-jsmvc)
- [Authentication](#evasions-authentication)
- [Tricks](#tricks)
- [CSRF](#tricks-csrf)
- [Clickjacking](#tricks-clickjacking)
- [Remote Code Execution](#tricks-rce)
- [XSS](#tricks-xss)
- [SQL Injection](#tricks-sql-injection)
- [NoSQL Injection](#tricks-nosql-injection)
- [FTP Injection](#tricks-ftp-injection)
- [XXE](#tricks-xxe)
- [SSRF](#tricks-ssrf)
- [Web Cache Poisoning](#tricks-web-cache-poisoning)
- [Header Injection](#tricks-header-injection)
- [URL](#tricks-url)
- [Deserialization](#tricks-deserialization)
- [OAuth](#tricks-oauth)
- [Others](#tricks-others)
- [Browser Exploitation](#browser-exploitation)
- [PoCs](#pocs)
- [Database](#pocs-database)
- [Cheetsheets](#cheetsheets)
- [Tools](#tools)
- [Auditing](#tools-auditing)
- [Command Injection](#tools-command-injection)
- [Reconnaissance](#tools-reconnaissance)
- [OSINT](#tools-osint)
- [Sub Domain Enumeration](#tools-sub-domain-enumeration)
- [Code Generating](#tools-code-generating)
- [Fuzzing](#tools-fuzzing)
- [Scanning](#tools-scanning)
- [Penetration Testing](#tools-penetration-testing)
- [Leaking](#tools-leaking)
- [Offensive](#tools-offensive)
- [XSS](#tools-xss)
- [SQL Injection](#tools-sql-injection)
- [Template Injection](#tools-template-injection)
- [XXE](#tools-xxe)
- [CSRF](#tools-csrf)
- [SSRF](#tools-ssrf)
- [Detecting](#tools-detecting)
- [Preventing](#tools-preventing)
- [Proxy](#tools-proxy)
- [Webshell](#tools-webshell)
- [Disassembler](#tools-disassembler)
- [Decompiler](#tools-decompiler)
- [DNS Rebinding](#tools-dns-rebinding)
- [Others](#tools-others)
- [Social Engineering Database](#social-engineering-database)
- [Blogs](#blogs)
- [Twitter Users](#twitter-users)
- [Practices](#practices)
- [Application](#practices-application)
- [AWS](#practices-aws)
- [XSS](#practices-xss)
- [ModSecurity / OWASP ModSecurity Core Rule Set](#practices-modsecurity)
- [Community](#community)
- [Miscellaneous](#miscellaneous)
- [Awesome Web Security ![Awesome](https://github.com/sindresorhus/awesome)](#awesome-web-security-)
- [Contents](#contents)
- [Digests](#digests)
- [Forums](#forums)
- [Introduction](#introduction)
- [XSS - Cross-Site Scripting](#xss---cross-site-scripting)
- [Prototype Pollution](#prototype-pollution)
- [CSV Injection](#csv-injection)
- [SQL Injection](#sql-injection)
- [Command Injection](#command-injection)
- [ORM Injection](#orm-injection)
- [FTP Injection](#ftp-injection)
- [XXE - XML eXternal Entity](#xxe---xml-external-entity)
- [CSRF - Cross-Site Request Forgery](#csrf---cross-site-request-forgery)
- [Clickjacking](#clickjacking)
- [SSRF - Server-Side Request Forgery](#ssrf---server-side-request-forgery)
- [Web Cache Poisoning](#web-cache-poisoning)
- [Relative Path Overwrite](#relative-path-overwrite)
- [Open Redirect](#open-redirect)
- [Security Assertion Markup Language (SAML)](#security-assertion-markup-language-saml)
- [Upload](#upload)
- [Rails](#rails)
- [AngularJS](#angularjs)
- [ReactJS](#reactjs)
- [SSL/TLS](#ssltls)
- [Webmail](#webmail)
- [NFS](#nfs)
- [AWS](#aws)
- [Azure](#azure)
- [Fingerprint](#fingerprint)
- [Sub Domain Enumeration](#sub-domain-enumeration)
- [Crypto](#crypto)
- [Web Shell](#web-shell)
- [OSINT](#osint)
- [DNS Rebinding](#dns-rebinding)
- [Deserialization](#deserialization)
- [OAuth](#oauth)
- [JWT](#jwt)
- [Evasions](#evasions)
- [XXE](#xxe)
- [CSP](#csp)
- [WAF](#waf)
- [JSMVC](#jsmvc)
- [Authentication](#authentication)
- [Tricks](#tricks)
- [CSRF](#csrf)
- [Clickjacking](#clickjacking-1)
- [Remote Code Execution](#remote-code-execution)
- [XSS](#xss)
- [SQL Injection](#sql-injection-1)
- [NoSQL Injection](#nosql-injection)
- [FTP Injection](#ftp-injection-1)
- [XXE](#xxe-1)
- [SSRF](#ssrf)
- [Web Cache Poisoning](#web-cache-poisoning-1)
- [Header Injection](#header-injection)
- [URL](#url)
- [Deserialization](#deserialization-1)
- [OAuth](#oauth-1)
- [Others](#others)
- [Browser Exploitation](#browser-exploitation)
- [Frontend (like SOP bypass, URL spoofing, and something like that)](#frontend-like-sop-bypass-url-spoofing-and-something-like-that)
- [Backend (core of Browser implementation, and often refers to C or C++ part)](#backend-core-of-browser-implementation-and-often-refers-to-c-or-c-part)
- [PoCs](#pocs)
- [Database](#database)
- [Cheetsheets](#cheetsheets)
- [Tools](#tools)
- [Auditing](#auditing)
- [Command Injection](#command-injection-1)
- [Reconnaissance](#reconnaissance)
- [OSINT - Open-Source Intelligence](#osint---open-source-intelligence)
- [Sub Domain Enumeration](#sub-domain-enumeration-1)
- [Code Generating](#code-generating)
- [Fuzzing](#fuzzing)
- [Scanning](#scanning)
- [Penetration Testing](#penetration-testing)
- [Offensive](#offensive)
- [XSS - Cross-Site Scripting](#xss---cross-site-scripting-1)
- [SQL Injection](#sql-injection-2)
- [Template Injection](#template-injection)
- [XXE](#xxe-2)
- [Cross Site Request Forgery](#cross-site-request-forgery)
- [Server-Side Request Forgery](#server-side-request-forgery)
- [Leaking](#leaking)
- [Detecting](#detecting)
- [Preventing](#preventing)
- [Proxy](#proxy)
- [Webshell](#webshell)
- [Disassembler](#disassembler)
- [Decompiler](#decompiler)
- [DNS Rebinding](#dns-rebinding-1)
- [Others](#others-1)
- [Social Engineering Database](#social-engineering-database)
- [Blogs](#blogs)
- [Twitter Users](#twitter-users)
- [Practices](#practices)
- [Application](#application)
- [AWS](#aws-1)
- [XSS](#xss-1)
- [ModSecurity / OWASP ModSecurity Core Rule Set](#modsecurity--owasp-modsecurity-core-rule-set)
- [Community](#community)
- [Miscellaneous](#miscellaneous)
- [Code of Conduct](#code-of-conduct)
- [License](#license)
## Digests
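Review bot: the regenerated contents list in this hunk carries the page title (`Awesome Web Security ![Awesome](...)`) and a `Contents` entry as items, which makes the TOC link to itself and embeds a badge image inside a link; both should be removed. It also abandons the explicit anchors the file already defines (`#intro`, `#evasions-xxe`, `#tools-preventing`) in favour of GitHub's auto-generated slugs with positional suffixes (`#xxe`, `#xxe-1`, `#xxe-2`, `#clickjacking-1`), which break when a section is inserted or reordered, while the `<a name="...">` anchors remaining in the file (for example `<a name="tools-preventing"></a>` in the next hunk) become dead links. Keep one anchoring scheme, either by pointing the TOC at the explicit anchors or by deleting the `<a name>` tags in the same commit. `Cheetsheets` is still misspelled; fixing it requires changing the heading as well so the slug continues to match.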
@ -735,6 +741,7 @@ If you enjoy this awesome list and would like to support it, check out my [Patre
<a name="tools-preventing"></a>
### Preventing
- [CrowdSec](https://github.com/crowdsecurity/crowdsec) A next-gen collaborative IPS, written in Go, able to analyze visitor behavior & provide an adapted response to all kinds of attacks. Users can share their alerts about threats with the community and benefit from the network effect.
- [DOMPurify](https://github.com/cure53/DOMPurify) - DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG by [Cure53](https://cure53.de/).
- [js-xss](https://github.com/leizongmin/js-xss) - Sanitize untrusted HTML (to prevent XSS) with a configuration specified by a Whitelist by [@leizongmin](https://github.com/leizongmin).
- [Acra](https://github.com/cossacklabs/acra) - Client-side encryption engine for SQL databases, with strong selective encryption, SQL injections prevention and intrusion detection by [@cossacklabs](https://www.cossacklabs.com/).