diff --git a/README-jp.md b/README-jp.md
index ba555ae..813013d 100644
--- a/README-jp.md
+++ b/README-jp.md
@@ -18,104 +18,110 @@ If you enjoy this awesome list and would like to support it, check out my [Patre
## Contents
-- [Digests](#digests)
-- [Forums](#forums)
-- [Introduction](#intro)
- - [XSS](#xss---cross-site-scripting)
- - [Prototype Pollution](#prototype-pollution)
- - [CSV Injection](#csv-injection)
- - [SQL Injection](#sql-injection)
- - [Command Injection](#command-injection)
- - [ORM Injection](#orm-injection)
- - [FTP Injection](#ftp-injection)
- - [XXE](#xxe---xml-external-entity)
- - [CSRF](#csrf---cross-site-request-forgery)
- - [Clickjacking](#clickjacking)
- - [SSRF](#ssrf---server-side-request-forgery)
- - [Web Cache Poisoning](#web-cache-poisoning)
- - [Relative Path Overwrite](#relative-path-overwrite)
- - [Open Redirect](#open-redirect)
- - [SAML](#saml)
- - [Upload](#upload)
- - [Rails](#rails)
- - [AngularJS](#angularjs)
- - [ReactJS](#reactjs)
- - [SSL/TLS](#ssltls)
- - [Webmail](#webmail)
- - [NFS](#nfs)
- - [AWS](#aws)
- - [Azure](#azure)
- - [Fingerprint](#fingerprint)
- - [Sub Domain Enumeration](#sub-domain-enumeration)
- - [Crypto](#crypto)
- - [Web Shell](#web-shell)
- - [OSINT](#osint)
- - [DNS Rebinding](#dns-rebinding)
- - [Deserialization](#deserialization)
- - [OAuth](#oauth)
- - [JWT](#jwt)
-- [Evasions](#evasions)
- - [XXE](#evasions-xxe)
- - [CSP](#evasions-csp)
- - [WAF](#evasions-waf)
- - [JSMVC](#evasions-jsmvc)
- - [Authentication](#evasions-authentication)
-- [Tricks](#tricks)
- - [CSRF](#tricks-csrf)
- - [Clickjacking](#tricks-clickjacking)
- - [Remote Code Execution](#tricks-rce)
- - [XSS](#tricks-xss)
- - [SQL Injection](#tricks-sql-injection)
- - [NoSQL Injection](#tricks-nosql-injection)
- - [FTP Injection](#tricks-ftp-injection)
- - [XXE](#tricks-xxe)
- - [SSRF](#tricks-ssrf)
- - [Web Cache Poisoning](#tricks-web-cache-poisoning)
- - [Header Injection](#tricks-header-injection)
- - [URL](#tricks-url)
- - [Deserialization](#tricks-deserialization)
- - [OAuth](#tricks-oauth)
- - [Others](#tricks-others)
-- [Browser Exploitation](#browser-exploitation)
-- [PoCs](#pocs)
- - [Database](#pocs-database)
-- [Cheetsheets](#cheetsheets)
-- [Tools](#tools)
- - [Auditing](#tools-auditing)
- - [Command Injection](#tools-command-injection)
- - [Reconnaissance](#tools-reconnaissance)
- - [OSINT](#tools-osint)
- - [Sub Domain Enumeration](#tools-sub-domain-enumeration)
- - [Code Generating](#tools-code-generating)
- - [Fuzzing](#tools-fuzzing)
- - [Scanning](#tools-scanning)
- - [Penetration Testing](#tools-penetration-testing)
- - [Leaking](#tools-leaking)
- - [Offensive](#tools-offensive)
- - [XSS](#tools-xss)
- - [SQL Injection](#tools-sql-injection)
- - [Template Injection](#tools-template-injection)
- - [XXE](#tools-xxe)
- - [CSRF](#tools-csrf)
- - [SSRF](#tools-ssrf)
- - [Detecting](#tools-detecting)
- - [Preventing](#tools-preventing)
- - [Proxy](#tools-proxy)
- - [Webshell](#tools-webshell)
- - [Disassembler](#tools-disassembler)
- - [Decompiler](#tools-decompiler)
- - [DNS Rebinding](#tools-dns-rebinding)
- - [Others](#tools-others)
-- [Social Engineering Database](#social-engineering-database)
-- [Blogs](#blogs)
-- [Twitter Users](#twitter-users)
-- [Practices](#practices)
- - [Application](#practices-application)
- - [AWS](#practices-aws)
- - [XSS](#practices-xss)
- - [ModSecurity / OWASP ModSecurity Core Rule Set](#practices-modsecurity)
-- [Community](#community)
-- [Miscellaneous](#miscellaneous)
+- [Awesome Web Security - JP ](#awesome-web-security---jp-)
+ - [Contents](#contents)
+ - [Digests](#digests)
+ - [Forums](#forums)
+ - [Introduction](#introduction)
+ - [XSS - Cross-Site Scripting](#xss---cross-site-scripting)
+ - [Prototype Pollution](#prototype-pollution)
+ - [CSV Injection](#csv-injection)
+ - [SQL Injection](#sql-injection)
+ - [Command Injection](#command-injection)
+ - [ORM Injection](#orm-injection)
+ - [FTP Injection](#ftp-injection)
+ - [XXE - XML eXternal Entity](#xxe---xml-external-entity)
+ - [CSRF - Cross-Site Request Forgery](#csrf---cross-site-request-forgery)
+ - [Clickjacking](#clickjacking)
+ - [SSRF - Server-Side Request Forgery](#ssrf---server-side-request-forgery)
+ - [Web Cache Poisoning](#web-cache-poisoning)
+ - [Relative Path Overwrite](#relative-path-overwrite)
+ - [Open Redirect](#open-redirect)
+ - [Security Assertion Markup Language (SAML)](#security-assertion-markup-language-saml)
+ - [Upload](#upload)
+ - [Rails](#rails)
+ - [AngularJS](#angularjs)
+ - [ReactJS](#reactjs)
+ - [SSL/TLS](#ssltls)
+ - [Webmail](#webmail)
+ - [NFS](#nfs)
+ - [AWS](#aws)
+ - [Azure](#azure)
+ - [Fingerprint](#fingerprint)
+ - [Sub Domain Enumeration](#sub-domain-enumeration)
+ - [Crypto](#crypto)
+ - [Web Shell](#web-shell)
+ - [OSINT](#osint)
+ - [DNS Rebinding](#dns-rebinding)
+ - [Deserialization](#deserialization)
+ - [OAuth](#oauth)
+ - [JWT](#jwt)
+ - [Evasions](#evasions)
+ - [XXE](#xxe)
+ - [CSP](#csp)
+ - [WAF](#waf)
+ - [JSMVC](#jsmvc)
+ - [Authentication](#authentication)
+ - [Tricks](#tricks)
+ - [CSRF](#csrf)
+ - [Clickjacking](#clickjacking-1)
+ - [Remote Code Execution](#remote-code-execution)
+ - [XSS](#xss)
+ - [SQL Injection](#sql-injection-1)
+ - [NoSQL Injection](#nosql-injection)
+ - [FTP Injection](#ftp-injection-1)
+ - [XXE](#xxe-1)
+ - [SSRF](#ssrf)
+ - [Web Cache Poisoning](#web-cache-poisoning-1)
+ - [Header Injection](#header-injection)
+ - [URL](#url)
+ - [Deserialization](#deserialization-1)
+ - [OAuth](#oauth-1)
+ - [Others](#others)
+ - [Browser Exploitation](#browser-exploitation)
+ - [Frontend (like SOP bypass, URL spoofing, and something like that)](#frontend-like-sop-bypass-url-spoofing-and-something-like-that)
+ - [Backend (core of Browser implementation, and often refers to C or C++ part)](#backend-core-of-browser-implementation-and-often-refers-to-c-or-c-part)
+ - [PoCs](#pocs)
+ - [Database](#database)
+ - [Cheetsheets](#cheetsheets)
+ - [Tools](#tools)
+ - [Auditing](#auditing)
+ - [Command Injection](#command-injection-1)
+ - [Reconnaissance](#reconnaissance)
+ - [OSINT - Open-Source Intelligence](#osint---open-source-intelligence)
+ - [Sub Domain Enumeration](#sub-domain-enumeration-1)
+ - [Code Generating](#code-generating)
+ - [Fuzzing](#fuzzing)
+ - [Scanning](#scanning)
+ - [Penetration Testing](#penetration-testing)
+ - [Offensive](#offensive)
+ - [XSS - Cross-Site Scripting](#xss---cross-site-scripting-1)
+ - [SQL Injection](#sql-injection-2)
+ - [Template Injection](#template-injection)
+ - [XXE](#xxe-2)
+ - [Cross Site Request Forgery](#cross-site-request-forgery)
+ - [Server-Side Request Forgery](#server-side-request-forgery)
+ - [Leaking](#leaking)
+ - [Detecting](#detecting)
+ - [Preventing](#preventing)
+ - [Proxy](#proxy)
+ - [Webshell](#webshell)
+ - [Disassembler](#disassembler)
+ - [Decompiler](#decompiler)
+ - [DNS Rebinding](#dns-rebinding-1)
+ - [Others](#others-1)
+ - [Social Engineering Database](#social-engineering-database)
+ - [Blogs](#blogs)
+ - [Twitter Users](#twitter-users)
+ - [Practices](#practices)
+ - [Application](#application)
+ - [AWS](#aws-1)
+ - [XSS](#xss-1)
+ - [ModSecurity / OWASP ModSecurity Core Rule Set](#modsecurity--owasp-modsecurity-core-rule-set)
+ - [Community](#community)
+ - [Miscellaneous](#miscellaneous)
+ - [Code of Conduct](#code-of-conduct)
+ - [License](#license)
## Digests
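Review bot: the regenerated TOC swaps the stable named anchors the old list used (`#intro`, `#evasions-xxe`, `#tricks-xxe`, `#tools-xxe`, `#pocs-database`, `#practices-modsecurity`) for renderer-assigned, ordinal-suffixed ids (`#xxe`, `#xxe-1`, `#xxe-2`, `#sql-injection-1`, `#sql-injection-2`, `#clickjacking-1`, `#others-1`, `#aws-1`). Those suffixes are numbered by heading order, so adding one more `### XXE` or `### Others` section above them silently re-points every later duplicate link, and the slug algorithm is GitHub's, not Markdown's, so the three language READMEs render differently elsewhere. Keep (or restore) the explicit anchors the headings carried rather than relying on slug numbering. Two generated entries are noise for readers: the new top-level `[Awesome Web Security - JP ](#awesome-web-security---jp-)`, whose trailing space and trailing `-` show the generator stripped a badge or link from the H1 (check that slug against the heading GitHub actually renders), and `[Contents](#contents)`, which links the TOC to itself; drop both and de-indent the rest one level to keep the previous shape. Also confirm the new order matches the real heading order: `Leaking` moved from between `Penetration Testing` and `Offensive` to after `Server-Side Request Forgery`, and `Frontend`/`Backend`, `Code of Conduct` and `License` are listed for the first time.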
@@ -741,6 +747,7 @@ If you enjoy this awesome list and would like to support it, check out my [Patre
### Preventing
+- [CrowdSec](https://github.com/crowdsecurity/crowdsec) A next-gen collaborative IPS, written in Go, able to analyze visitor behavior & provide an adapted response to all kinds of attacks. Users can share their alerts about threats with the community and benefit from the network effect.
- [DOMPurify](https://github.com/cure53/DOMPurify) - DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG by [Cure53](https://cure53.de/).
- [js-xss](https://github.com/leizongmin/js-xss) - Sanitize untrusted HTML (to prevent XSS) with a configuration specified by a Whitelist by [@leizongmin](https://github.com/leizongmin).
- [Acra](https://github.com/cossacklabs/acra) - Client-side encryption engine for SQL databases, with strong selective encryption, SQL injections prevention and intrusion detection by [@cossacklabs](https://www.cossacklabs.com/).
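Review bot: the CrowdSec line does not follow the entry format every neighbour uses, `[name](url) - description by [@author](link)`: it is missing the ` - ` after the link and has no author attribution, and `next-gen`, `all kinds of attacks` and `benefit from the network effect` read as vendor copy rather than the one-line factual descriptions the rest of the list keeps. Suggest `- [CrowdSec](https://github.com/crowdsecurity/crowdsec) - Collaborative IPS written in Go that analyzes visitor behaviour, responds to detected attacks and shares alerts with the community by [@crowdsecurity](https://github.com/crowdsecurity).`, appended at the end of the list rather than inserted ahead of DOMPurify. Worth a second look whether Preventing is the right section: the existing entries here are in-application sanitizers and encryption, while a behaviour-analysing, alert-sharing IPS sits closer to Detecting.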
diff --git a/README-zh.md b/README-zh.md
index 86dfa05..818cb40 100644
--- a/README-zh.md
+++ b/README-zh.md
@@ -18,104 +18,110 @@ If you enjoy this awesome list and would like to support it, check out my [Patre
## Contents
-- [Digests](#digests)
-- [Forums](#forums)
-- [Introduction](#intro)
- - [XSS](#xss---cross-site-scripting)
- - [Prototype Pollution](#prototype-pollution)
- - [CSV Injection](#csv-injection)
- - [SQL Injection](#sql-injection)
- - [Command Injection](#command-injection)
- - [ORM Injection](#orm-injection)
- - [FTP Injection](#ftp-injection)
- - [XXE](#xxe---xml-external-entity)
- - [CSRF](#csrf---cross-site-request-forgery)
- - [Clickjacking](#clickjacking)
- - [SSRF](#ssrf---server-side-request-forgery)
- - [Web Cache Poisoning](#web-cache-poisoning)
- - [Relative Path Overwrite](#relative-path-overwrite)
- - [Open Redirect](#open-redirect)
- - [SAML](#saml)
- - [Upload](#upload)
- - [Rails](#rails)
- - [AngularJS](#angularjs)
- - [ReactJS](#reactjs)
- - [SSL/TLS](#ssltls)
- - [Webmail](#webmail)
- - [NFS](#nfs)
- - [AWS](#aws)
- - [Azure](#azure)
- - [Fingerprint](#fingerprint)
- - [Sub Domain Enumeration](#sub-domain-enumeration)
- - [Crypto](#crypto)
- - [Web Shell](#web-shell)
- - [OSINT](#osint)
- - [DNS Rebinding](#dns-rebinding)
- - [Deserialization](#deserialization)
- - [OAuth](#oauth)
- - [JWT](#jwt)
-- [Evasions](#evasions)
- - [XXE](#evasions-xxe)
- - [CSP](#evasions-csp)
- - [WAF](#evasions-waf)
- - [JSMVC](#evasions-jsmvc)
- - [Authentication](#evasions-authentication)
-- [Tricks](#tricks)
- - [CSRF](#tricks-csrf)
- - [Clickjacking](#tricks-clickjacking)
- - [Remote Code Execution](#tricks-rce)
- - [XSS](#tricks-xss)
- - [SQL Injection](#tricks-sql-injection)
- - [NoSQL Injection](#tricks-nosql-injection)
- - [FTP Injection](#tricks-ftp-injection)
- - [XXE](#tricks-xxe)
- - [SSRF](#tricks-ssrf)
- - [Web Cache Poisoning](#tricks-web-cache-poisoning)
- - [Header Injection](#tricks-header-injection)
- - [URL](#tricks-url)
- - [Deserialization](#tricks-deserialization)
- - [OAuth](#tricks-oauth)
- - [Others](#tricks-others)
-- [Browser Exploitation](#browser-exploitation)
-- [PoCs](#pocs)
- - [Database](#pocs-database)
-- [Cheetsheets](#cheetsheets)
-- [Tools](#tools)
- - [Auditing](#tools-auditing)
- - [Command Injection](#tools-command-injection)
- - [Reconnaissance](#tools-reconnaissance)
- - [OSINT](#tools-osint)
- - [Sub Domain Enumeration](#tools-sub-domain-enumeration)
- - [Code Generating](#tools-code-generating)
- - [Fuzzing](#tools-fuzzing)
- - [Scanning](#tools-scanning)
- - [Penetration Testing](#tools-penetration-testing)
- - [Leaking](#tools-leaking)
- - [Offensive](#tools-offensive)
- - [XSS](#tools-xss)
- - [SQL Injection](#tools-sql-injection)
- - [Template Injection](#tools-template-injection)
- - [XXE](#tools-xxe)
- - [CSRF](#tools-csrf)
- - [SSRF](#tools-ssrf)
- - [Detecting](#tools-detecting)
- - [Preventing](#tools-preventing)
- - [Proxy](#tools-proxy)
- - [Webshell](#tools-webshell)
- - [Disassembler](#tools-disassembler)
- - [Decompiler](#tools-decompiler)
- - [DNS Rebinding](#tools-dns-rebinding)
- - [Others](#tools-others)
-- [Social Engineering Database](#social-engineering-database)
-- [Blogs](#blogs)
-- [Twitter Users](#twitter-users)
-- [Practices](#practices)
- - [Application](#practices-application)
- - [AWS](#practices-aws)
- - [XSS](#practices-xss)
- - [ModSecurity / OWASP ModSecurity Core Rule Set](#practices-modsecurity)
-- [Community](#community)
-- [Miscellaneous](#miscellaneous)
+- [Awesome Web Security - ZH ](#awesome-web-security---zh-)
+ - [Contents](#contents)
+ - [Digests](#digests)
+ - [Forums](#forums)
+ - [Introduction](#introduction)
+ - [XSS - Cross-Site Scripting](#xss---cross-site-scripting)
+ - [Prototype Pollution](#prototype-pollution)
+ - [CSV Injection](#csv-injection)
+ - [SQL Injection](#sql-injection)
+ - [Command Injection](#command-injection)
+ - [ORM Injection](#orm-injection)
+ - [FTP Injection](#ftp-injection)
+ - [XXE - XML eXternal Entity](#xxe---xml-external-entity)
+ - [CSRF - Cross-Site Request Forgery](#csrf---cross-site-request-forgery)
+ - [Clickjacking](#clickjacking)
+ - [SSRF - Server-Side Request Forgery](#ssrf---server-side-request-forgery)
+ - [Web Cache Poisoning](#web-cache-poisoning)
+ - [Relative Path Overwrite](#relative-path-overwrite)
+ - [Open Redirect](#open-redirect)
+ - [Security Assertion Markup Language (SAML)](#security-assertion-markup-language-saml)
+ - [Upload](#upload)
+ - [Rails](#rails)
+ - [AngularJS](#angularjs)
+ - [ReactJS](#reactjs)
+ - [SSL/TLS](#ssltls)
+ - [Webmail](#webmail)
+ - [NFS](#nfs)
+ - [AWS](#aws)
+ - [Azure](#azure)
+ - [Fingerprint](#fingerprint)
+ - [Sub Domain Enumeration](#sub-domain-enumeration)
+ - [Crypto](#crypto)
+ - [Web Shell](#web-shell)
+ - [OSINT](#osint)
+ - [DNS Rebinding](#dns-rebinding)
+ - [Deserialization](#deserialization)
+ - [OAuth](#oauth)
+ - [JWT](#jwt)
+ - [Evasions](#evasions)
+ - [XXE](#xxe)
+ - [CSP](#csp)
+ - [WAF](#waf)
+ - [JSMVC](#jsmvc)
+ - [Authentication](#authentication)
+ - [Tricks](#tricks)
+ - [CSRF](#csrf)
+ - [Clickjacking](#clickjacking-1)
+ - [Remote Code Execution](#remote-code-execution)
+ - [XSS](#xss)
+ - [SQL Injection](#sql-injection-1)
+ - [NoSQL Injection](#nosql-injection)
+ - [FTP Injection](#ftp-injection-1)
+ - [XXE](#xxe-1)
+ - [SSRF](#ssrf)
+ - [Web Cache Poisoning](#web-cache-poisoning-1)
+ - [Header Injection](#header-injection)
+ - [URL](#url)
+ - [Deserialization](#deserialization-1)
+ - [OAuth](#oauth-1)
+ - [Others](#others)
+ - [Browser Exploitation](#browser-exploitation)
+ - [Frontend (like SOP bypass, URL spoofing, and something like that)](#frontend-like-sop-bypass-url-spoofing-and-something-like-that)
+ - [Backend (core of Browser implementation, and often refers to C or C++ part)](#backend-core-of-browser-implementation-and-often-refers-to-c-or-c-part)
+ - [PoCs](#pocs)
+ - [Database](#database)
+ - [Cheetsheets](#cheetsheets)
+ - [Tools](#tools)
+ - [Auditing](#auditing)
+ - [Command Injection](#command-injection-1)
+ - [Reconnaissance](#reconnaissance)
+ - [OSINT - Open-Source Intelligence](#osint---open-source-intelligence)
+ - [Sub Domain Enumeration](#sub-domain-enumeration-1)
+ - [Code Generating](#code-generating)
+ - [Fuzzing](#fuzzing)
+ - [Scanning](#scanning)
+ - [Penetration Testing](#penetration-testing)
+ - [Offensive](#offensive)
+ - [XSS - Cross-Site Scripting](#xss---cross-site-scripting-1)
+ - [SQL Injection](#sql-injection-2)
+ - [Template Injection](#template-injection)
+ - [XXE](#xxe-2)
+ - [Cross Site Request Forgery](#cross-site-request-forgery)
+ - [Server-Side Request Forgery](#server-side-request-forgery)
+ - [Leaking](#leaking)
+ - [Detecting](#detecting)
+ - [Preventing](#preventing)
+ - [Proxy](#proxy)
+ - [Webshell](#webshell)
+ - [Disassembler](#disassembler)
+ - [Decompiler](#decompiler)
+ - [DNS Rebinding](#dns-rebinding-1)
+ - [Others](#others-1)
+ - [Social Engineering Database](#social-engineering-database)
+ - [Blogs](#blogs)
+ - [Twitter Users](#twitter-users)
+ - [Practices](#practices)
+ - [Application](#application)
+ - [AWS](#aws-1)
+ - [XSS](#xss-1)
+ - [ModSecurity / OWASP ModSecurity Core Rule Set](#modsecurity--owasp-modsecurity-core-rule-set)
+ - [Community](#community)
+ - [Miscellaneous](#miscellaneous)
+ - [Code of Conduct](#code-of-conduct)
+ - [License](#license)
## Digests
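Review bot: same concern as for the JP TOC applies to this hunk: links to duplicate headings now use position-dependent auto ids (`#xxe-1`, `#xxe-2`, `#sql-injection-2`, `#clickjacking-1`, `#others-1`, `#dns-rebinding-1`) instead of the fixed `#evasions-*`, `#tricks-*`, `#tools-*` and `#practices-*` anchors, so the links break or shift whenever a same-named section is added or moved; prefer the explicit anchors. The leading `[Awesome Web Security - ZH ](#awesome-web-security---zh-)` entry (note the trailing space in the link text and the trailing `-` in the slug, left behind by a stripped badge or link) and the self-referential `[Contents](#contents)` should be removed and the list de-indented. Verify that `Leaking` now correctly follows `Server-Side Request Forgery` in the actual heading order, since the old TOC placed it before `Offensive`.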
@@ -788,6 +794,7 @@ If you enjoy this awesome list and would like to support it, check out my [Patre
### Preventing
+- [CrowdSec](https://github.com/crowdsecurity/crowdsec) A next-gen collaborative IPS, written in Go, able to analyze visitor behavior & provide an adapted response to all kinds of attacks. Users can share their alerts about threats with the community and benefit from the network effect.
- [DOMPurify](https://github.com/cure53/DOMPurify) - DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG by [Cure53](https://cure53.de/).
- [js-xss](https://github.com/leizongmin/js-xss) - Sanitize untrusted HTML (to prevent XSS) with a configuration specified by a Whitelist by [@leizongmin](https://github.com/leizongmin).
- [Acra](https://github.com/cossacklabs/acra) - Client-side encryption engine for SQL databases, with strong selective encryption, SQL injections prevention and intrusion detection by [@cossacklabs](https://www.cossacklabs.com/).
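Review bot: the new CrowdSec entry lacks the ` - ` separator and the `by [@author](link)` attribution that DOMPurify, js-xss and Acra all carry, and its description is promotional (`next-gen`, `all kinds of attacks`, `network effect`). Rewrite it in the list's style, e.g. `- [CrowdSec](https://github.com/crowdsecurity/crowdsec) - Collaborative IPS written in Go that analyzes visitor behaviour, responds to detected attacks and shares alerts with the community by [@crowdsecurity](https://github.com/crowdsecurity).`, and add it at the end of the section instead of before DOMPurify. Consider Detecting as the section for a behaviour-based IPS, since Preventing currently holds sanitizers and encryption libraries.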
diff --git a/README.md b/README.md
index d5e072b..8397605 100644
--- a/README.md
+++ b/README.md
@@ -18,104 +18,110 @@ If you enjoy this awesome list and would like to support it, check out my [Patre
## Contents
-- [Digests](#digests)
-- [Forums](#forums)
-- [Introduction](#intro)
- - [XSS](#xss---cross-site-scripting)
- - [Prototype Pollution](#prototype-pollution)
- - [CSV Injection](#csv-injection)
- - [SQL Injection](#sql-injection)
- - [Command Injection](#command-injection)
- - [ORM Injection](#orm-injection)
- - [FTP Injection](#ftp-injection)
- - [XXE](#xxe---xml-external-entity)
- - [CSRF](#csrf---cross-site-request-forgery)
- - [Clickjacking](#clickjacking)
- - [SSRF](#ssrf---server-side-request-forgery)
- - [Web Cache Poisoning](#web-cache-poisoning)
- - [Relative Path Overwrite](#relative-path-overwrite)
- - [Open Redirect](#open-redirect)
- - [SAML](#saml)
- - [Upload](#upload)
- - [Rails](#rails)
- - [AngularJS](#angularjs)
- - [ReactJS](#reactjs)
- - [SSL/TLS](#ssltls)
- - [Webmail](#webmail)
- - [NFS](#nfs)
- - [AWS](#aws)
- - [Azure](#azure)
- - [Fingerprint](#fingerprint)
- - [Sub Domain Enumeration](#sub-domain-enumeration)
- - [Crypto](#crypto)
- - [Web Shell](#web-shell)
- - [OSINT](#osint)
- - [DNS Rebinding](#dns-rebinding)
- - [Deserialization](#deserialization)
- - [OAuth](#oauth)
- - [JWT](#jwt)
-- [Evasions](#evasions)
- - [XXE](#evasions-xxe)
- - [CSP](#evasions-csp)
- - [WAF](#evasions-waf)
- - [JSMVC](#evasions-jsmvc)
- - [Authentication](#evasions-authentication)
-- [Tricks](#tricks)
- - [CSRF](#tricks-csrf)
- - [Clickjacking](#tricks-clickjacking)
- - [Remote Code Execution](#tricks-rce)
- - [XSS](#tricks-xss)
- - [SQL Injection](#tricks-sql-injection)
- - [NoSQL Injection](#tricks-nosql-injection)
- - [FTP Injection](#tricks-ftp-injection)
- - [XXE](#tricks-xxe)
- - [SSRF](#tricks-ssrf)
- - [Web Cache Poisoning](#tricks-web-cache-poisoning)
- - [Header Injection](#tricks-header-injection)
- - [URL](#tricks-url)
- - [Deserialization](#tricks-deserialization)
- - [OAuth](#tricks-oauth)
- - [Others](#tricks-others)
-- [Browser Exploitation](#browser-exploitation)
-- [PoCs](#pocs)
- - [Database](#pocs-database)
-- [Cheetsheets](#cheetsheets)
-- [Tools](#tools)
- - [Auditing](#tools-auditing)
- - [Command Injection](#tools-command-injection)
- - [Reconnaissance](#tools-reconnaissance)
- - [OSINT](#tools-osint)
- - [Sub Domain Enumeration](#tools-sub-domain-enumeration)
- - [Code Generating](#tools-code-generating)
- - [Fuzzing](#tools-fuzzing)
- - [Scanning](#tools-scanning)
- - [Penetration Testing](#tools-penetration-testing)
- - [Leaking](#tools-leaking)
- - [Offensive](#tools-offensive)
- - [XSS](#tools-xss)
- - [SQL Injection](#tools-sql-injection)
- - [Template Injection](#tools-template-injection)
- - [XXE](#tools-xxe)
- - [CSRF](#tools-csrf)
- - [SSRF](#tools-ssrf)
- - [Detecting](#tools-detecting)
- - [Preventing](#tools-preventing)
- - [Proxy](#tools-proxy)
- - [Webshell](#tools-webshell)
- - [Disassembler](#tools-disassembler)
- - [Decompiler](#tools-decompiler)
- - [DNS Rebinding](#tools-dns-rebinding)
- - [Others](#tools-others)
-- [Social Engineering Database](#social-engineering-database)
-- [Blogs](#blogs)
-- [Twitter Users](#twitter-users)
-- [Practices](#practices)
- - [Application](#practices-application)
- - [AWS](#practices-aws)
- - [XSS](#practices-xss)
- - [ModSecurity / OWASP ModSecurity Core Rule Set](#practices-modsecurity)
-- [Community](#community)
-- [Miscellaneous](#miscellaneous)
+- [Awesome Web Security ](#awesome-web-security-)
+ - [Contents](#contents)
+ - [Digests](#digests)
+ - [Forums](#forums)
+ - [Introduction](#introduction)
+ - [XSS - Cross-Site Scripting](#xss---cross-site-scripting)
+ - [Prototype Pollution](#prototype-pollution)
+ - [CSV Injection](#csv-injection)
+ - [SQL Injection](#sql-injection)
+ - [Command Injection](#command-injection)
+ - [ORM Injection](#orm-injection)
+ - [FTP Injection](#ftp-injection)
+ - [XXE - XML eXternal Entity](#xxe---xml-external-entity)
+ - [CSRF - Cross-Site Request Forgery](#csrf---cross-site-request-forgery)
+ - [Clickjacking](#clickjacking)
+ - [SSRF - Server-Side Request Forgery](#ssrf---server-side-request-forgery)
+ - [Web Cache Poisoning](#web-cache-poisoning)
+ - [Relative Path Overwrite](#relative-path-overwrite)
+ - [Open Redirect](#open-redirect)
+ - [Security Assertion Markup Language (SAML)](#security-assertion-markup-language-saml)
+ - [Upload](#upload)
+ - [Rails](#rails)
+ - [AngularJS](#angularjs)
+ - [ReactJS](#reactjs)
+ - [SSL/TLS](#ssltls)
+ - [Webmail](#webmail)
+ - [NFS](#nfs)
+ - [AWS](#aws)
+ - [Azure](#azure)
+ - [Fingerprint](#fingerprint)
+ - [Sub Domain Enumeration](#sub-domain-enumeration)
+ - [Crypto](#crypto)
+ - [Web Shell](#web-shell)
+ - [OSINT](#osint)
+ - [DNS Rebinding](#dns-rebinding)
+ - [Deserialization](#deserialization)
+ - [OAuth](#oauth)
+ - [JWT](#jwt)
+ - [Evasions](#evasions)
+ - [XXE](#xxe)
+ - [CSP](#csp)
+ - [WAF](#waf)
+ - [JSMVC](#jsmvc)
+ - [Authentication](#authentication)
+ - [Tricks](#tricks)
+ - [CSRF](#csrf)
+ - [Clickjacking](#clickjacking-1)
+ - [Remote Code Execution](#remote-code-execution)
+ - [XSS](#xss)
+ - [SQL Injection](#sql-injection-1)
+ - [NoSQL Injection](#nosql-injection)
+ - [FTP Injection](#ftp-injection-1)
+ - [XXE](#xxe-1)
+ - [SSRF](#ssrf)
+ - [Web Cache Poisoning](#web-cache-poisoning-1)
+ - [Header Injection](#header-injection)
+ - [URL](#url)
+ - [Deserialization](#deserialization-1)
+ - [OAuth](#oauth-1)
+ - [Others](#others)
+ - [Browser Exploitation](#browser-exploitation)
+ - [Frontend (like SOP bypass, URL spoofing, and something like that)](#frontend-like-sop-bypass-url-spoofing-and-something-like-that)
+ - [Backend (core of Browser implementation, and often refers to C or C++ part)](#backend-core-of-browser-implementation-and-often-refers-to-c-or-c-part)
+ - [PoCs](#pocs)
+ - [Database](#database)
+ - [Cheetsheets](#cheetsheets)
+ - [Tools](#tools)
+ - [Auditing](#auditing)
+ - [Command Injection](#command-injection-1)
+ - [Reconnaissance](#reconnaissance)
+ - [OSINT - Open-Source Intelligence](#osint---open-source-intelligence)
+ - [Sub Domain Enumeration](#sub-domain-enumeration-1)
+ - [Code Generating](#code-generating)
+ - [Fuzzing](#fuzzing)
+ - [Scanning](#scanning)
+ - [Penetration Testing](#penetration-testing)
+ - [Offensive](#offensive)
+ - [XSS - Cross-Site Scripting](#xss---cross-site-scripting-1)
+ - [SQL Injection](#sql-injection-2)
+ - [Template Injection](#template-injection)
+ - [XXE](#xxe-2)
+ - [Cross Site Request Forgery](#cross-site-request-forgery)
+ - [Server-Side Request Forgery](#server-side-request-forgery)
+ - [Leaking](#leaking)
+ - [Detecting](#detecting)
+ - [Preventing](#preventing)
+ - [Proxy](#proxy)
+ - [Webshell](#webshell)
+ - [Disassembler](#disassembler)
+ - [Decompiler](#decompiler)
+ - [DNS Rebinding](#dns-rebinding-1)
+ - [Others](#others-1)
+ - [Social Engineering Database](#social-engineering-database)
+ - [Blogs](#blogs)
+ - [Twitter Users](#twitter-users)
+ - [Practices](#practices)
+ - [Application](#application)
+ - [AWS](#aws-1)
+ - [XSS](#xss-1)
+ - [ModSecurity / OWASP ModSecurity Core Rule Set](#modsecurity--owasp-modsecurity-core-rule-set)
+ - [Community](#community)
+ - [Miscellaneous](#miscellaneous)
+ - [Code of Conduct](#code-of-conduct)
+ - [License](#license)
## Digests
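Review bot: this hunk replaces the hand-maintained anchors (`#intro`, `#evasions-xxe`, `#tricks-rce`, `#tools-xss`, `#pocs-database`, `#practices-modsecurity`) with GitHub's auto-generated ids, including the ordinal-suffixed ones for repeated headings (`#xxe`, `#xxe-1`, `#xxe-2`, `#sql-injection-1`, `#sql-injection-2`, `#aws-1`, `#xss-1`). Those suffixes depend on heading order and on the renderer, so any future same-named section re-numbers the later links and the TOC only works where GitHub's slug rules are implemented; keep the explicit anchors. The generated `[Awesome Web Security ](#awesome-web-security-)` top entry (trailing space and `-` from a stripped badge or link; confirm the slug against the rendered H1) and `[Contents](#contents)` pointing at itself add nothing and push the whole list one indent level deeper than before; drop them and de-indent. Check that the relocation of `Leaking` (was between `Penetration Testing` and `Offensive`, now after `Server-Side Request Forgery`) and the newly listed `Frontend`/`Backend`, `Code of Conduct` and `License` entries reflect the actual section order.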
@@ -735,6 +741,7 @@ If you enjoy this awesome list and would like to support it, check out my [Patre
### Preventing
+- [CrowdSec](https://github.com/crowdsecurity/crowdsec) A next-gen collaborative IPS, written in Go, able to analyze visitor behavior & provide an adapted response to all kinds of attacks. Users can share their alerts about threats with the community and benefit from the network effect.
- [DOMPurify](https://github.com/cure53/DOMPurify) - DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG by [Cure53](https://cure53.de/).
- [js-xss](https://github.com/leizongmin/js-xss) - Sanitize untrusted HTML (to prevent XSS) with a configuration specified by a Whitelist by [@leizongmin](https://github.com/leizongmin).
- [Acra](https://github.com/cossacklabs/acra) - Client-side encryption engine for SQL databases, with strong selective encryption, SQL injections prevention and intrusion detection by [@cossacklabs](https://www.cossacklabs.com/).
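Review bot: the CrowdSec line is inconsistent with the surrounding entries: no ` - ` after the link, no `by [@author](link)` credit, and a marketing-style description (`next-gen`, `all kinds of attacks`, `benefit from the network effect`) where the others state plainly what the tool does. Suggest `- [CrowdSec](https://github.com/crowdsecurity/crowdsec) - Collaborative IPS written in Go that analyzes visitor behaviour, responds to detected attacks and shares alerts with the community by [@crowdsecurity](https://github.com/crowdsecurity).` placed at the end of the list, and reconsider whether an alert-sharing IPS belongs under Detecting rather than alongside DOMPurify, js-xss and Acra.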