Awesome Web Security

🐶 A curated list of Web Security materials and resources.

Please read the contribution guidelines before contributing.

---

🌈 Want to strengthen your penetration skills?
I would recommend to play some awesome-ctfs.

---

Check out my repos 🐾 or say hi on my Twitter.

Menu

• Resource
  • SQL Injection
  • XML
• Evasion
  • CSP
• Trick
  • SQL Injection
• Tool
  • Code Generating
  • Fuzzing
  • Detecting
• Blog
• Miscellaneous

Resource

SQL Injection

• HQL for pentesters

XML

• XML实体攻击 - 从内网探测到命令执行步步惊心, written by 张天琪.

Evasion

CSP

• CSP: bypassing form-action with reflected XSS, written by Detectify Labs.

Trick

SQL Injection

• 屌智硬之mysql不用逗号注入, written by jinglingshu.
• 见招拆招：绕过WAF继续SQL注入常用方法, written by mikey.

Tool

Code Generating

• VWGen - Vulnerable Web applications Generator by @qazbnm456.

Fuzzing

• wfuzz - Web application bruteforcer by @xmendez.

Detecting

• sqlchop - [DEPRECATED] A novel SQL injection detection engine built on top of SQL tokenizing and syntax analysis by chaitin.

Blog

• Broken Browser - Fun with Browser Vulnerabilities.

Miscellaneous

• 如何正確的取得使用者 IP ？

License

To the extent possible under law, Sindre Sorhus has waived all copyright and related or neighboring rights to this work.