h4cker/web_application_testing
Omar Santos 77e3ee7a36
Create burpsuite_plugins.json
A curated list of awesome Burp Extensions / plugins
2024-08-17 01:17:55 -04:00
additional_exploits Create dc31_01.sh 2023-10-19 15:30:07 -04:00
Attacking_Application_Logic_Flaws_and_Shared_Environments.md Create Attacking_Application_Logic_Flaws_and_Shared_Environments.md 2024-08-03 19:13:45 -04:00
burpsuite_plugins.json Create burpsuite_plugins.json 2024-08-17 01:17:55 -04:00
cookie_stealer_payload.md Update cookie_stealer_payload.md 2021-03-27 15:48:22 -04:00
docker_references.md Update docker_references.md 2018-05-02 00:20:11 -04:00
README.md Update README.md 2020-09-04 00:46:30 -04:00
sql-injection-tools.md adding popular SQL injection tools 2021-09-30 14:40:17 -04:00
sqli_evasion.md Create sqli_evasion.md 2024-07-26 13:57:38 -04:00
ssrf_galatic_archives.py Update ssrf_galatic_archives.py 2023-07-03 23:11:33 -04:00
ssrf_ywing.md Create ssrf_ywing.md 2023-07-03 19:33:04 -04:00
ssrf_ywing.py Update ssrf_ywing.py 2023-07-03 19:26:13 -04:00
xss_vectors.md Update xss_vectors.md 2019-05-17 10:55:53 -04:00

Web Application Testing References

Vulnerable Servers

There is a series of vulnerable web applications that you can use to practice your skills in a safe environment. You can get more information about them in the vulnerable_servers directory in this repository.

The following are a few popular tools that you learned about in the video courses that are part of this series:

Article: A Quick Guide to Using ffuf with Burp Suite

WebSploit

WebSploit is a virtual machine (VM) created by Omar Santos for different Cybersecurity Ethical Hacking (Web Penetration Testing) training sessions delivered at DEFCON, Live Training in Safari, video-on-demand LiveLessons, and others.

The purpose of this VM is to provide a lightweight (single-VM) environment with a few web application penetration testing tools, as well as vulnerable applications.

How to Integrate OWASP ZAP with Jenkins

You can integrate ZAP with Jenkins and even automatically create Jira issues based on your findings. You can download the ZAP plugin here.

This video provides an overview of how to integrate

Kubernetes Security

Docker Security

JavaScript Tools

XSS - Cross-Site Scripting

CSV Injection

SQL Injection

Command Injection

ORM Injection

FTP Injection

XXE - XML eXternal Entity

CSRF - Cross-Site Request Forgery

SSRF - Server-Side Request Forgery

Rails

AngularJS

SSL/TLS

Webmail

NFS

Fingerprint

Sub Domain Enumeration

Crypto

Web Shell

OSINT

Evasions

CSP

WAF

JSMVC

Authentication

Tricks

CSRF

Remote Code Execution

XSS

SQL Injection

NoSQL Injection

FTP Injection

XXE

SSRF

Header Injection

URL

AMAZING RESOURCES ABOUT WEB TECHNOLOGIES, FRAMEWORKS, PLATFORMS (hundreds of resources)

Platforms

Programming Languages

Front-End Development

Back-End Development

Databases

Content Management Systems