Application Security
Reliable Resources for AppSec
Component | Description |
---|---|
Back-end Servers | The hardware (or virtual machine/container host) and operating system that host all other components; usually Linux or Windows, increasingly with the application packaged in containers. |
Web Servers | Web servers accept HTTP connections and handle requests, serving static content and forwarding dynamic requests to the application. Examples: Apache, NGINX, IIS. |
Databases | Databases (DBs) store and retrieve the web application's data. Relational examples: MySQL, MSSQL, Oracle, PostgreSQL; non-relational (NoSQL) examples include MongoDB. |
Development Frameworks | Frameworks are used to develop the core web application. Well-known languages and their frameworks include PHP (Laravel), C# (ASP.NET), Java (Spring), Python (Django, Flask), and JavaScript (Node.js). |
General
Mobile
Security Research
Code Analysis
API
Threat Modeling
Bug Bounty Platforms
1. Bugcrowd
2. HackerOne
3. Intigriti
4. YesWeHack
5. Synack
6. HackenProof (Web3 bug bounty platform 🇺🇦)
7. Open Bug Bounty
8. Immunefi
9. Cobalt
10. Zerocopter
11. Yogosha
12. SafeHats
13. Vulnerability Research Labs, LLC
14. AntiHACKme Pte Ltd
15. RedStorm Information Security
16. Cyber Army Indonesia
17. Hacktrophy
18. Nordic Defender
19. Capture The Bug
20. Bugbounter
21. Detectify
22. BugBase
23. Code4rena
24. huntr
25. Pentabug
Resources

Tools
InQL – inspects GraphQL introspection query results and generates clean documentation in different formats (Burp extension)
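As an added example (not code from this page or from the InQL project), the script below does by hand what InQL automates: it walks a GraphQL introspection response, lists the query and mutation entry points with their argument and return types, and flags object fields whose names hint at sensitive data. The introspection response is constructed for illustration and the keyword list is an assumed heuristic; the response shape itself follows the standard `__schema` / `__type` format, so the parser works on a real introspection result as well.

```python
"""Summarise a GraphQL introspection response (added example; the response
below is constructed and the keyword list is an assumed heuristic)."""
import json

# Constructed sample: a trimmed response to an introspection query such as
#   { __schema { queryType { name } mutationType { name }
#                types { kind name fields { name args { name type { ...TypeRef } }
#                                               type { ...TypeRef } } } } }
# Type references nest as NON_NULL / LIST wrappers around a named type.
SAMPLE_INTROSPECTION = json.dumps({
    "data": {"__schema": {
        "queryType": {"name": "Query"},
        "mutationType": {"name": "Mutation"},
        "types": [
            {"kind": "OBJECT", "name": "Query", "fields": [
                {"name": "user",
                 "args": [{"name": "id", "type": {"kind": "NON_NULL", "name": None,
                           "ofType": {"kind": "SCALAR", "name": "ID", "ofType": None}}}],
                 "type": {"kind": "OBJECT", "name": "User", "ofType": None}},
                {"name": "users", "args": [],
                 "type": {"kind": "LIST", "name": None,
                          "ofType": {"kind": "OBJECT", "name": "User", "ofType": None}}},
            ]},
            {"kind": "OBJECT", "name": "Mutation", "fields": [
                {"name": "resetPassword",
                 "args": [{"name": "email", "type": {"kind": "SCALAR", "name": "String", "ofType": None}}],
                 "type": {"kind": "SCALAR", "name": "Boolean", "ofType": None}},
            ]},
            {"kind": "OBJECT", "name": "User", "fields": [
                {"name": "id", "args": [], "type": {"kind": "SCALAR", "name": "ID", "ofType": None}},
                {"name": "email", "args": [], "type": {"kind": "SCALAR", "name": "String", "ofType": None}},
                {"name": "passwordHash", "args": [], "type": {"kind": "SCALAR", "name": "String", "ofType": None}},
            ]},
            {"kind": "SCALAR", "name": "ID", "fields": None},
            {"kind": "SCALAR", "name": "String", "fields": None},
            {"kind": "SCALAR", "name": "Boolean", "fields": None},
            {"kind": "OBJECT", "name": "__Schema", "fields": []},  # introspection meta-type, skipped below
        ],
    }},
})

# Field names that usually deserve a closer look. Assumed heuristic, not a rule.
SENSITIVE_HINTS = ("password", "secret", "token", "ssn", "apikey", "hash")


def type_ref(t):
    """Render a nested type reference in GraphQL notation, e.g. [User] or ID!."""
    if t["kind"] == "NON_NULL":
        return type_ref(t["ofType"]) + "!"
    if t["kind"] == "LIST":
        return "[" + type_ref(t["ofType"]) + "]"
    return t["name"]


def format_field(field):
    """Render one field as name(arg: Type, ...): ReturnType."""
    args = ", ".join(f"{a['name']}: {type_ref(a['type'])}" for a in field.get("args") or [])
    signature = field["name"] + (f"({args})" if args else "")
    return f"{signature}: {type_ref(field['type'])}"


def summarize(raw_json):
    """Return the query/mutation entry points and the fields of every object type."""
    schema = json.loads(raw_json)["data"]["__schema"]
    types = {t["name"]: t for t in schema["types"]}
    query_name = (schema.get("queryType") or {}).get("name")
    mutation_name = (schema.get("mutationType") or {}).get("name")

    def fields_of(type_name):
        if type_name not in types:          # also covers a schema with no mutationType
            return []
        return [format_field(f) for f in types[type_name].get("fields") or []]

    objects = {
        name: fields_of(name)
        for name, t in types.items()
        if t["kind"] == "OBJECT"
        and name not in (query_name, mutation_name)
        and not name.startswith("__")       # skip introspection meta-types
    }
    return {"queries": fields_of(query_name), "mutations": fields_of(mutation_name), "objects": objects}


def flag_sensitive_fields(summary, hints=SENSITIVE_HINTS):
    """List Object.field names whose field name matches one of the hints."""
    hits = []
    for obj, fields in summary["objects"].items():
        for rendered in fields:
            field_name = rendered.split(":", 1)[0].split("(", 1)[0]
            if any(h in field_name.lower() for h in hints):
                hits.append(f"{obj}.{field_name}")
    return hits


if __name__ == "__main__":
    s = summarize(SAMPLE_INTROSPECTION)
    for section in ("queries", "mutations"):
        print(section + ":")
        for line in s[section]:
            print("  " + line)
    print("fields to review:", flag_sensitive_fields(s))
```

Mutations are listed separately on purpose: they are the state-changing entry points and the first place to look for missing authorization, and a field such as `User.passwordHash` being selectable at all is worth a finding even before any injection testing. If introspection is disabled on the target, the same summary can often be rebuilt from field suggestions in error messages or from a client-side bundle, which is also where InQL's other modes come in.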
Recon
Browser Add-ons
Burp Add-ons
WAF
Deobfuscation
Common
Burp Bounty – profile-based scanner (custom active/passive checks)
Active Scan++ – adds extra checks to Burp's active and passive scanners
AuthMatrix – authorization/privilege-escalation checks across user roles
Broken Link Hijacking – finds references to external resources that no longer resolve (BLH)
Collaborator Everywhere – injects Collaborator payloads into requests to detect pingbacks/SSRF (Server-Side Request Forgery)
Command Injection Attacker – OS command injection testing
Content-Type Converter – rewrites request bodies between content types (e.g. JSON to form-encoded) to bypass restrictions
Decoder Improved – more decoder features
Freddy – deserialization vulnerability detection
Flow – better HTTP history
HTTP Request Smuggler – request smuggling detection
Hunt – flags parameters associated with common vulnerability classes
InQL – GraphQL introspection testing
J2EE Scan – scanning J2EE apps
JSON/JS Beautifier
JSON Web Token Attacker – JWT signature and algorithm attacks
Param Miner – mines hidden parameters and headers
Reflected File Download Checker
Reflected Parameters – highlights reflected input
SAML Raider – SAML testing
Upload Scanner – file upload tester
Web Cache Deception Scanner
JS, PHP, HTML Deobfuscation
XSS
LFI/RFI
SSRF
SSTI
SQLi
Clickjacking
Deserialization