3.1 KiB

Raw Blame History

Awesome Web Security

🐶 A curated list of Web Security materials and resources.

Please read the contribution guidelines before contributing.

🌈 Want to strengthen your penetration skills?
I would recommend to play some awesome-ctfs.

Check out my repos 🐾 or say hi on my Twitter.

Resource
- SQL Injection
- XML
Evasion
- CSP
Trick
- SQL Injection
Tool
Blog
Miscellaneous

Resource

SQL Injection

HQL for pentesters

XML

XML实体攻击 - 从内网探测到命令执行步步惊心, written by 张天琪.

Evasion

CSP

CSP: bypassing form-action with reflected XSS, written by Detectify Labs.

Trick

SQL Injection

屌智硬之mysql不用逗号注入, written by jinglingshu.
见招拆招：绕过WAF继续SQL注入常用方法, written by mikey.

Tool

Code Generating

VWGen - Vulnerable Web applications Generator by @qazbnm456.

Fuzzing

wfuzz - Web application bruteforcer by @xmendez.

Detecting

sqlchop - [DEPRECATED] A novel SQL injection detection engine built on top of SQL tokenizing and syntax analysis by chaitin.

Blog

Broken Browser - Fun with Browser Vulnerabilities.

Miscellaneous

如何正確的取得使用者 IP ？

License

To the extent possible under law, Sindre Sorhus has waived all copyright and related or neighboring rights to this work.