红日攻防实验室

红日攻防实验室



Web安全资料和资源列表

post-bg-nextgen-web-pwa1.jpg

Awesome Web Security

Contents

Forums

  • Drops (backup) - Drops was known as a famous knowledge base for hacking technology.
  • Paper from Seebug - Knowledge base for hacking technology built by Seebug.
  • Freebuf - Freebuf is the most popular forum in China for exchanging and sharing hacking technology.
  • 安全脉搏 - Blog for Security things.

Resources

Introductions

XSS

SQL Injection

XML

CSRF

Rails

AngularJS

SSL/TLS

Webmail

AWS

Books

Evasions

CSP

WAF

JSMVC

Authentication

Tricks

Remote Code Execution

XSS

SQL Injection

SSRF

Header Injection

URL

Others

Browser Exploitation

PoCs

JavaScript

Tools

Code Generating

Disassembler

Fuzzing

Penetrating

  • Burp Suite - Burp Suite is an integrated platform for performing security testing of web applications by portswigger.
  • mitmproxy - Interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers by @mitmproxy.

Leaking

Detecting

  • sqlchop - [DEPRECATED] Novel SQL injection detection engine built on top of SQL tokenizing and syntax analysis by chaitin.
  • retire.js - Scanner detecting the use of JavaScript libraries with known vulnerabilities by @RetireJS.
  • malware-jail - Sandbox for semi-automatic Javascript malware analysis, deobfuscation and payload extraction by @HynekPetrak.

Preventing

  • js-xss - Sanitize untrusted HTML (to prevent XSS) with a configuration specified by a Whitelist by @leizongmin.

Webshell

Others

Blogs

Twitter Users

Practices

AWS

XSS

Community

Miscellaneous

 标签: none

作者  :  redBu11



关于我

about me

redBu11

联系我