Track Awesome Web Security Updates Daily

馃惗 A curated list of Web Security materials and resources.

馃彔 Home馃攳 Search馃敟 Feed馃摦 Subscribe馃樅 qazbnm456/awesome-web-security猸 9K馃彿锔 Security

[ Daily / Weekly / Overview ]

Oct 05, 2020

Crypto

Scanning / Sub Domain Enumeration

Aug 26, 2020

Webshell / Server-Side Request Forgery

Aug 09, 2020

Prototype Pollution

Deserialization

Jul 29, 2020

Prototype Pollution

Jul 28, 2020

Digests

JWT

Jun 19, 2020

Deserialization

Backend (core of Browser implementation, and often refers to C or C++ part)

Miscellaneous / Server-Side Request Forgery

May 22, 2020

Deserialization

May 12, 2020

OAuth

May 11, 2020

XSS

Miscellaneous / Server-Side Request Forgery

May 10, 2020

OAuth

CSRF

Frontend (like SOP bypass, URL spoofing, and something like that)

Backend (core of Browser implementation, and often refers to C or C++ part)

Miscellaneous / Server-Side Request Forgery

May 09, 2020

Digests

AWS

SQL Injection

Deserialization

Cheetsheets

Offensive / XSS - Cross-Site Scripting

Preventing / Server-Side Request Forgery

Miscellaneous / Server-Side Request Forgery

May 05, 2020

SSL/TLS

Mar 22, 2020

Miscellaneous / Server-Side Request Forgery

Dec 30, 2019

Prototype Pollution

XSS

Others

Frontend (like SOP bypass, URL spoofing, and something like that)

Nov 30, 2019

XSS - Cross-Site Scripting

SQL Injection

Command Injection

XXE - XML eXternal Entity

Open Redirect

Nov 22, 2019

Crypto

NoSQL Injection

SSRF

Others

Backend (core of Browser implementation, and often refers to C or C++ part)

Database

Miscellaneous / Server-Side Request Forgery

Nov 05, 2019

XSS - Cross-Site Scripting

CSV Injection

SQL Injection

Command Injection

XXE - XML eXternal Entity

CSRF - Cross-Site Request Forgery

SSRF - Server-Side Request Forgery

Web Cache Poisoning

Open Redirect

Security Assertion Markup Language (SAML)

Upload

XXE

Remote Code Execution

XSS

Offensive / XXE

Others / Server-Side Request Forgery

Oct 24, 2019

Rails

Oct 04, 2019

Application / Server-Side Request Forgery

Sep 15, 2019

DNS Rebinding

DNS Rebinding / Server-Side Request Forgery

Aug 25, 2019

Clickjacking

Miscellaneous / Server-Side Request Forgery

Aug 24, 2019

Azure

Auditing

Fuzzing / Sub Domain Enumeration

Leaking / Server-Side Request Forgery

Twitter Users / Server-Side Request Forgery

Miscellaneous / Server-Side Request Forgery

Jun 26, 2019

Offensive / Server-Side Request Forgery

Jun 25, 2019

Relative Path Overwrite

Security Assertion Markup Language (SAML)

CSRF

XSS

SQL Injection

Frontend (like SOP bypass, URL spoofing, and something like that)

May 26, 2019

Remote Code Execution

CSP

XSS

Frontend (like SOP bypass, URL spoofing, and something like that)

Backend (core of Browser implementation, and often refers to C or C++ part)

Miscellaneous / Server-Side Request Forgery

Dec 31, 2018

Offensive / Cross Site Request Forgery

Dec 29, 2018

Detecting / Server-Side Request Forgery

Dec 17, 2018

Miscellaneous / Server-Side Request Forgery

Nov 05, 2018

XSS

Backend (core of Browser implementation, and often refers to C or C++ part)

Reconnaissance / OSINT - Open-Source Intelligence

Oct 29, 2018

Upload

SSRF

Frontend (like SOP bypass, URL spoofing, and something like that)

Blogs / Server-Side Request Forgery

AWS / Server-Side Request Forgery

Miscellaneous / Server-Side Request Forgery

Oct 24, 2018

Fuzzing / Sub Domain Enumeration

Scanning / Sub Domain Enumeration

Oct 23, 2018

Fuzzing / Sub Domain Enumeration

Scanning / Sub Domain Enumeration

Oct 22, 2018

XSS - Cross-Site Scripting

Web Cache Poisoning

Remote Code Execution

XSS

SQL Injection

Frontend (like SOP bypass, URL spoofing, and something like that)

Reconnaissance / OSINT - Open-Source Intelligence

Offensive / XSS - Cross-Site Scripting

Webshell / Server-Side Request Forgery

Oct 13, 2018

Miscellaneous / Server-Side Request Forgery

Oct 12, 2018

AWS

OSINT

XSS

SSRF

Oct 01, 2018

Fuzzing / Sub Domain Enumeration

Sep 12, 2018

Database

Sep 09, 2018

Open Redirect

SSRF

Aug 29, 2018

SSRF

Aug 25, 2018

Command Injection

Aug 24, 2018

Remote Code Execution

Aug 01, 2018

CSP

Jul 30, 2018

Preventing / Server-Side Request Forgery

Jul 19, 2018

CSP

Reconnaissance / Sub Domain Enumeration

Penetration Testing / Sub Domain Enumeration

Offensive / Template Injection

Blogs / Server-Side Request Forgery

Jul 13, 2018

SSRF - Server-Side Request Forgery

CSP

Jul 11, 2018

Offensive / XSS - Cross-Site Scripting

Jul 05, 2018

Frontend (like SOP bypass, URL spoofing, and something like that)

Backend (core of Browser implementation, and often refers to C or C++ part)

Jun 28, 2018

ReactJS

Jun 18, 2018

Webmail

Blogs / Server-Side Request Forgery

Jun 08, 2018

XSS - Cross-Site Scripting

Jun 02, 2018

Miscellaneous / Server-Side Request Forgery

May 31, 2018

Remote Code Execution

May 25, 2018

Detecting / Server-Side Request Forgery

May 02, 2018

Database

Apr 23, 2018

Reconnaissance / OSINT - Open-Source Intelligence

Fuzzing / Sub Domain Enumeration

Penetration Testing / Sub Domain Enumeration

Miscellaneous / Server-Side Request Forgery

Apr 15, 2018

Penetration Testing / Sub Domain Enumeration

Leaking / Server-Side Request Forgery

Miscellaneous / Server-Side Request Forgery

Mar 29, 2018

Miscellaneous / Server-Side Request Forgery

Mar 21, 2018

Leaking / Server-Side Request Forgery

Mar 20, 2018

Backend (core of Browser implementation, and often refers to C or C++ part)

Mar 19, 2018

XSS

Miscellaneous / Server-Side Request Forgery

Mar 16, 2018

Others

Mar 12, 2018

Decompiler / Server-Side Request Forgery

Miscellaneous / Server-Side Request Forgery

Mar 02, 2018

SSRF

Reconnaissance / OSINT - Open-Source Intelligence

Feb 28, 2018

OSINT

Reconnaissance / OSINT - Open-Source Intelligence

Feb 26, 2018

XXE

Feb 23, 2018

Forums

CSV Injection

SQL Injection

Command Injection

ORM Injection

FTP Injection

XXE - XML eXternal Entity

CSRF - Cross-Site Request Forgery

Rails

AngularJS

SSL/TLS

NFS

AWS

Sub Domain Enumeration

Web Shell

OSINT

CSP

WAF

JSMVC

Authentication

CSRF

Remote Code Execution

XSS

SSRF

Header Injection

URL

Others

Frontend (like SOP bypass, URL spoofing, and something like that)

Backend (core of Browser implementation, and often refers to C or C++ part)

Database

Auditing

Reconnaissance / OSINT - Open-Source Intelligence

Reconnaissance / Sub Domain Enumeration

Code Generating / Sub Domain Enumeration

Fuzzing / Sub Domain Enumeration

Penetration Testing / Sub Domain Enumeration

Offensive / XSS - Cross-Site Scripting

Offensive / SQL Injection

Leaking / Server-Side Request Forgery

Detecting / Server-Side Request Forgery

Preventing / Server-Side Request Forgery

Proxy / Server-Side Request Forgery

Webshell / Server-Side Request Forgery

Disassembler / Server-Side Request Forgery

Others / Server-Side Request Forgery

Social Engineering Database / Server-Side Request Forgery

Blogs / Server-Side Request Forgery

Twitter Users / Server-Side Request Forgery

Application / Server-Side Request Forgery

AWS / Server-Side Request Forgery

XSS / Server-Side Request Forgery

ModSecurity / OWASP ModSecurity Core Rule Set / Server-Side Request Forgery

Community / Server-Side Request Forgery

Miscellaneous / Server-Side Request Forgery