Application Security

Reliable Resources for AppSec

Getting Started

Component

Description

Back end Servers

The hardware and operating system that hosts all other components and are usually run on operating systems like Linux, Windows, or using Containers.

Web Servers

Web servers handle HTTP requests and connections. Some examples are Apache, NGINX, and IIS.

Databases

Databases (DBs) store and retrieve the web application data. Some examples of relational databases are MySQL, MSSQL, Oracle, PostgreSQL, while examples of non-relational databases include NoSQL and MongoDB.

Development Frameworks

Development Frameworks are used to develop the core Web Application. Some well-known frameworks include PHP, C#, Java, Python, and NodeJS JavaScript

Field References

OWASP WSTG 4.2 !

Burpsuite: Commercial Web app testing tool !

Awesome Application Security Checklist

OWASP Cheat Sheet Series

Awesome Web Hacking from @infoslack

Awesome Web Security

PortSwigger Web Security Academy Lab Files from @rkhal101

Hack-Tools Chrome Extension for Web Pentesting

OWASP Vulnerability Scanner Tool List

Awesome Hacking Resources

Damn Vulnerable PHP App

Vulnerable Java Application

OWASP Secrets Management focused vulnerable app

403 byebye

TCM Security PWST Lab Environment !

Web Pentesting Checklist by Joas

Hetty tool

HBSQLi

Reconnaissance

Final Recon (Web Reconnaissance) from @thewhiteh4t

All in One Recon Tool (AORT)

katana by ProjectDiscovery

Domain to IP converter (Python) by @YSSVirus

Cariddi by @edoardott

Directory Fuzzing

CeWL

fzf - Use alias in CLI to easily discover installed wordlists

SecLists - various lists

SubDomain/DNS Enumeration

Common Attacks

PortSwigger XSS Cheat Sheet !

XSS Exploitatation Tool

Tiny XSS Payloads

D4rkXSS

IbrahimXSS

Advanced Attacks

ysoerial for Java libraries

Java Deserialization CheatSheet

ysoserial for .NET libraries

PHP Generic Gadget chains (PHPGGC) - AKA "ysoserial for PHP"

PreviousOffensive-Cybersecurity NextGeneral

Last updated 3 months ago

Application Security

Getting Started

Field References

Top Programs

Extensions and Plugins

BurpSuite Plugins

Common Attacks

Advanced Attacks