A curated list of Web Security materials and resources.
2017-03-10 19:42:33 +08:00
.gitignore Update README.md 2017-01-31 17:20:24 +08:00
CONTRIBUTING.md Create awesome list for Web Security. 🐶 2017-01-30 01:51:21 +09:00
README.md add a article 2017-03-10 19:42:33 +08:00

Awesome Web Security

🐶 A curated list of Web Security materials and resources.

Please read the contribution guidelines before contributing.


🌈 Want to strengthen your penetration skills?
I would recommend playing some awesome-ctfs.


Check out my repos 🐾 or say hi on my Twitter.

Menu

Collection

Resource

XSS

  • H5SC - HTML5 Security Cheatsheet - A collection of HTML5 related XSS attack vectors by @cure53.
  • XSS.png - An XSS mind map by @jackmasa.

SQL Injection

XML

CSRF

Rails

AngularJS

Evasion

CSP

WAF

JSMVC

Trick

Remote Code Execution

XSS

SQL Injection

SSRF

Header Injection

Others

Browser Exploitation

PoC

JavaScript

Tool

Code Generating

Disassembler

Fuzzing

Penetrating

  • Burp Suite - Burp Suite is an integrated platform for performing security testing of web applications by portswigger.
  • mitmproxy - An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers by @mitmproxy.

Leaking

Detecting

  • sqlchop - [DEPRECATED] A novel SQL injection detection engine built on top of SQL tokenizing and syntax analysis by chaitin.
  • retire.js - Scanner detecting the use of JavaScript libraries with known vulnerabilities by @RetireJS.
  • malware-jail - Sandbox for semi-automatic JavaScript malware analysis, deobfuscation and payload extraction by @HynekPetrak.

Others

Blog

Twitter User

Miscellaneous

Practice

AWS

XSS

License

CC0

To the extent possible under law, Sindre Sorhus has waived all copyright and related or neighboring rights to this work.