h4cker/web_application_testing/README.md
2020-03-24 14:27:41 -04:00


Web Application Testing References

Vulnerable Servers

There is a series of vulnerable web applications that you can use to practice your skills in a safe environment. You can get more information about them in the vulnerable_servers directory in this repository.

The following are a few popular tools that you learned about in the video courses that are part of this series:

WebSploit

WebSploit is a virtual machine (VM) created by Omar Santos for different Cybersecurity Ethical Hacking (Web Penetration Testing) training sessions delivered at DEFCON, Live Training in Safari, video on demand LiveLessons, and others.

The purpose of this VM is to provide a lightweight environment (a single VM) with a few web application penetration testing tools, as well as vulnerable applications.

The following are the vulnerable applications included in WebSploit:

  • Damn Vulnerable Web Application (DVWA)
  • WebGoat
  • Hackazon
  • OWASP Juice Shop
  • OWASP Mutillidae 2

How to Integrate OWASP ZAP with Jenkins

You can integrate ZAP with Jenkins and even automatically create Jira issues based on your findings. You can download the ZAP plug-in here.

This video provides an overview of how to integrate

Kubernetes Security

Docker Security

JavaScript Tools

XSS - Cross-Site Scripting

CSV Injection

SQL Injection

Command Injection

ORM Injection

FTP Injection

XXE - XML eXternal Entity

CSRF - Cross-Site Request Forgery

SSRF - Server-Side Request Forgery

Rails

AngularJS

SSL/TLS

Webmail

NFS

Fingerprint

Sub Domain Enumeration

Crypto

Web Shell

OSINT

Evasions

CSP

WAF

JSMVC

Authentication

Tricks

CSRF

Remote Code Execution

XSS

SQL Injection

NoSQL Injection

FTP Injection

XXE

SSRF

Header Injection

URL

AMAZING RESOURCES ABOUT WEB TECHNOLOGIES, FRAMEWORKS, PLATFORMS (hundreds of resources)

Platforms

Programming Languages

Front-End Development

Back-End Development

Databases

Content Management Systems