{"id":21400672,"url":"https://github.com/cybersecurityup/ewpt-preparation","last_synced_at":"2026-01-03T02:42:54.703Z","repository":{"id":41055084,"uuid":"408626897","full_name":"CyberSecurityUP/eWPT-Preparation","owner":"CyberSecurityUP","description":null,"archived":false,"fork":false,"pushed_at":"2021-09-20T23:13:29.000Z","size":8,"stargazers_count":151,"open_issues_count":0,"forks_count":38,"subscribers_count":7,"default_branch":"main","last_synced_at":"2025-01-23T02:45:42.883Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/CyberSecurityUP.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2021-09-20T23:12:55.000Z","updated_at":"2024-12-29T17:47:01.000Z","dependencies_parsed_at":"2022-07-17T10:16:31.152Z","dependency_job_id":null,"html_url":"https://github.com/CyberSecurityUP/eWPT-Preparation","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CyberSecurityUP%2FeWPT-Preparation","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CyberSecurityUP%2FeWPT-Preparation/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CyberSecurityUP%2FeWPT-Preparation/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CyberSecurityUP%2FeWPT-Preparation/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/CyberSecurityUP","download_url":"https://codeload.github.com/CyberSecurityUP/eWPT-Preparation/tar.gz/refs/heads/main","host":{"name":"Gi
tHub","url":"https://github.com","kind":"github","repositories_count":243893905,"owners_count":20364916,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-22T15:23:32.731Z","updated_at":"2026-01-03T02:42:54.676Z","avatar_url":"https://github.com/CyberSecurityUP.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# eWPT Preparation by Joas\n\n## Recon and Enumeration Domain \n\n### https://blog.appsecco.com/a-penetration-testers-guide-to-sub-domain-enumeration-7d842d5570f6\n\n### https://medium.com/qualityholics/ewpt-exam-review-tips-8a4d9cebf5f9\n\n### https://elearnsecurity.com/uncategorized/pentesting-101-fingerprinting-continued/\n\n### https://pentester.land/cheatsheets/2018/11/14/subdomains-enumeration-cheatsheet.html\n\n### https://www.youtube.com/watch?v=TmK0Zpggz48\u0026ab_channel=SemiYulianto\n\n### https://www.youtube.com/watch?v=d8zwXxixz5Y\u0026ab_channel=HacktifyCyberSecurity\n\n### https://resources.infosecinstitute.com/topic/how-to-create-a-subdomain-enumeration-toolkit/\n\n### https://gowthams.gitbook.io/bughunter-handbook/list-of-vulnerabilities-bugs/recon-and-osint/subdomain-enumeration\n\n### https://spyse.com/blog/information-gathering/how-to-find-subdomains-instantly\n\n### https://book.hacktricks.xyz/external-recon-methodology\n\n### https://github.com/KingOfBugbounty/KingOfBugBountyTips\n\n### https://www.youtube.com/watch?v=amihlWTtkMA\u0026ab_channel=Nahamsec\n\n### https://www.youtube.com/watch?v=o8L2nweiF1s\u0026ab_channel=InsiderPhD\n\n### 
https://medium.com/@ehsahil/recon-my-way-82b7e5f62e21\n\n### https://portswigger.net/blog/finding-your-first-bug-bounty-hunting-tips-from-the-burp-suite-community\n\n### https://null-byte.wonderhowto.com/how-to/conduct-recon-web-target-with-python-tools-0198114/\n\n### https://www.infosecmatter.com/bug-bounty-tips/\n\n### https://hackbotone.medium.com/10-recon-tools-for-bug-bounty-bafa8a5961bd\n\n### https://www.youtube.com/watch?v=Hnz1d4WmD5Y\u0026ab_channel=HackerSploit\n\n### https://www.youtube.com/watch?v=bewbdPvs_g8\u0026ab_channel=Conda\n\n## Social Networks\n\n### https://www.linkedin.com/in/joas-antonio-dos-santos/\n\n## Wordpress Attacks and Other CMS Vulnerability\n\n### https://book.hacktricks.xyz/pentesting/pentesting-web/wordpress\n\n### https://securityboulevard.com/2020/03/penetration-testing-for-wordpress-websites/\n\n### https://www.getastra.com/blog/security-audit/wordpress-penetration-testing/\n\n### https://deliciousbrains.com/wordpress-penetration-testing/\n\n### https://hackertarget.com/attacking-wordpress/\n\n### https://secure.wphackedhelp.com/blog/wordpress-security-tips-2019/\n\n### https://github.com/timashana/WordPress-Pentesting\n\n### https://github.com/jguerrero12/WordPress-Pentesting\n\n### https://github.com/whuang8/wordpress-pentests\n\n### https://github.com/magnimusprime/WordPress-Pentesting\n\n### https://www.infosecmatter.com/cms-vulnerability-scanners-for-wordpress-joomla-drupal-moodle-typo3/\n\n### https://www.acunetix.com/vulnerability-scanner/cms-vulnerability-scanner/\n\n### https://linuxsecurity.expert/security-tools/cms-vulnerability-scanners\n\n### https://medium.com/@rohitaher023/what-is-a-cms-vulnerability-scanner-and-what-is-its-need-for-security-5aef8d10227b\n\n### https://github.com/gajos112/OSCP/blob/master/CMS%20Vulnerability%20Scanners\n\n## BurpSuite\n\n### https://portswigger.net/burp/documentation/desktop/penetration-testing\n\n### https://www.youtube.com/watch?v=N-IKHmGjf2c\u0026ab_channel=Bugcrowd\n\n### 
https://www.youtube.com/watch?v=G3hpAeoZ4ek\u0026ab_channel=JohnHammond\n\n### https://www.youtube.com/watch?v=_XUQ7etMCT8\u0026ab_channel=TutorialsPoint%28India%29Ltd.\n\n### https://www.youtube.com/watch?v=h2duGBZLEek\u0026ab_channel=Bugcrowd\n\n### https://www.youtube.com/watch?v=Chql4bNE6_g\u0026ab_channel=CyberFrat\n\n### https://www.youtube.com/watch?v=57559arUG3c\u0026ab_channel=PortSwigger\n\n### https://www.youtube.com/watch?v=cyWmZ2WgnEE\n\n### https://www.youtube.com/watch?v=c0h3aciBIyQ\u0026ab_channel=Vicky%27sBlog\n\n### https://www.youtube.com/watch?v=mibKttwhbRk\u0026ab_channel=InsiderPhD\n\n### https://www.youtube.com/watch?v=iG7003AC8ys\u0026ab_channel=webpwnized\n\n### https://www.youtube.com/watch?v=oWRseGm-a6I\u0026ab_channel=KacperSzurekEN\n\n### https://www.youtube.com/watch?v=-6uPHcLj4oU\u0026ab_channel=Hacksplained\n\n### https://portswigger.net/blog/20-burp-suite-tips-from-the-burp-user-community\n\n## ClickJacking Attacking\n\n### https://owasp.org/www-community/attacks/Clickjacking\n\n### https://portswigger.net/web-security/clickjacking\n\n### https://www.hacksplaining.com/prevention/click-jacking\n\n### https://resh.com.br/blog/realizando-bypass-no-cabecalho-x-frame-options/\n\n### https://auth0.com/blog/preventing-clickjacking-attacks/\n\n### https://www.synopsys.com/glossary/what-is-clickjacking.html\n\n### https://www.youtube.com/watch?v=jcp5t8PsMsY\u0026ab_channel=HackerOne\n\n### https://www.youtube.com/watch?v=Pdc5KJfOQpI\u0026ab_channel=Hacksplaining\n\n### https://www.youtube.com/watch?v=FEflwAIlLmg\u0026ab_channel=Gomahamaya\n\n### https://www.youtube.com/watch?v=mso5FSWEtdo\u0026ab_channel=VERILOGCOURSETEAM\n\n### https://www.youtube.com/watch?v=LEdwUGsffwY\u0026ab_channel=MichaelSommer\n\n### https://www.youtube.com/watch?v=Zm1lQAQOqJ0\u0026ab_channel=MichaelSommer\n\n## Session Hijacking\n\n### https://owasp.org/www-community/attacks/Session_hijacking_attack\n\n### 
https://www.youtube.com/watch?v=fxrCJNQ96Kg\u0026ab_channel=intrigano\n\n### https://www.youtube.com/watch?v=OriuOtSCUpo\u0026ab_channel=MarcosHenrique\n\n### https://www.youtube.com/watch?v=sqMCPxwzIf8\u0026ab_channel=PluralsightIT-TrainingArchive\n\n### https://us.norton.com/internetsecurity-id-theft-session-hijacking.html\n\n### https://www.venafi.com/blog/what-session-hijacking\n\n### https://www.imperva.com/learn/application-security/session-hijacking/\n\n### https://www.globalsign.com/en/blog/session-hijacking-and-how-to-prevent-it\n\n### https://motilia.com/-/session-hijacking-xss-csrf\n\n### https://medium.com/stolabs/stored-xss-session-hijacking-20faf069ef4\n\n### https://www.youtube.com/watch?v=wbgOzImzAfg\u0026ab_channel=D4RKR0N\n\n### https://www.youtube.com/watch?v=HQdCgooETXw\u0026ab_channel=InfiniteLogins\n\n### https://www.youtube.com/watch?v=nJrH7HaiMPI\u0026ab_channel=HackingTeacher\n\n### https://www.agiratech.com/xss-csrf-and-session-hijacking\n\n## FingerPrinting\n\n### https://pentestlab.blog/2012/08/01/web-application-fingerprinting/\n\n### https://pentestlab.files.wordpress.com/2012/11/automated-web-application-fingerprinting.pdf\n\n### https://www.youtube.com/watch?v=_k9Bsppz4A8\u0026ab_channel=TheHacktivists\n\n### https://www.youtube.com/watch?v=8WrluFRoJhs\u0026ab_channel=BlackHat\n\n### https://null-byte.wonderhowto.com/how-to/fingerprint-web-apps-servers-for-better-recon-more-successful-hacks-0302807/\n\n### https://www.m2sys.com/blog/cloud-computing/three-ways-of-biometric-authentication-in-web-application/\n\n### https://www.youtube.com/watch?v=PAPaGTFSXK4\u0026ab_channel=TheHacktivists\n\n## SQL Injection \u0026 Types and SQLMap\n\n### https://www.geeksforgeeks.org/authentication-bypass-using-sql-injection-on-login-page/#:~:text=SQL%20injection%20is%20a%20technique,that%20might%20destroy%20your%20database.\n\n### 
https://sechow.com/bricks/docs/login-1.html\n\n### https://portswigger.net/support/using-sql-injection-to-bypass-authentication\n\n### https://www.youtube.com/watch?v=RXBlTgsawdI\u0026ab_channel=CyberSecurityTV\n\n### https://www.youtube.com/watch?v=b4Wn0n6LBcM\u0026ab_channel=shadsluiter\n\n### https://www.youtube.com/watch?v=6O4NuKA0pSI\u0026ab_channel=zSecurity\n\n### https://www.devmedia.com.br/sql-injection-em-ambientes-web/9733\n\n### https://www.guru99.com/learn-sql-injection-with-practical-example.html\n\n### http://www.securityidiots.com/Web-Pentest/SQL-Injection/bypass-login-using-sql-injection.html\n\n### https://www.sqlinjection.net/login/\n\n### https://owasp.org/www-community/attacks/Blind_SQL_Injection\n\n### https://portswigger.net/web-security/sql-injection/blind\n\n### https://www.netsparker.com/blog/web-security/how-blind-sql-injection-works/\n\n### https://infosecwriteups.com/out-of-band-oob-sql-injection-87b7c666548b\n\n### https://www.acunetix.com/blog/articles/sqli-part-6-out-of-band-sqli/\n\n### https://www.youtube.com/watch?v=soPDfYl2Ef8\u0026ab_channel=RanaKhalil\n\n### https://www.youtube.com/watch?v=6Ei7wX1cp5k\u0026ab_channel=RanaKhalil\n\n### https://www.youtube.com/watch?v=KOaDan0UqFs\u0026ab_channel=RanaKhalil\n\n### https://portswigger.net/web-security/sql-injection/blind/lab-out-of-band\n\n### https://www.netsparker.com/web-vulnerability-scanner/vulnerabilities/out-of-band-sql-injection/\n\n## CSRF\n\n### https://www.youtube.com/watch?v=HTgyif6u5RY\u0026ab_channel=RanaKhalil\n\n### https://cobalt.io/blog/a-pentesters-guide-to-cross-site-request-forgery-csrf\n\n### https://book.hacktricks.xyz/pentesting-web/csrf-cross-site-request-forgery\n\n### https://www.youtube.com/watch?v=dMwxIHIabeg\u0026ab_channel=TutorialsPoint%28India%29Ltd.\n\n### https://www.youtube.com/watch?v=TwG0Rd0hr18\u0026ab_channel=HackerSploit\n\n### 
https://www.veracode.com/security/cross-site-request-forgery-guide-learn-all-about-csrf-attacks-and-csrf-protection\n\n### https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/06-Session_Management_Testing/05-Testing_for_Cross_Site_Request_Forgery\n\n### https://portswigger.net/support/using-burp-to-test-for-cross-site-request-forgery\n\n### https://www.rapid7.com/blog/post/2020/11/19/this-one-time-on-a-pen-test-csrf-to-password-reset-phishing/\n\n### https://corneacristian.medium.com/top-25-csrf-bug-bounty-reports-ffb0b61afa55\n\n### https://www.youtube.com/watch?v=ImqLlFMQrwQ\u0026ab_channel=TheXSSrat\n\n### https://www.youtube.com/watch?v=ULvf6N8AL2A\u0026ab_channel=InsiderPhD\n\n## Crawling and Spidering\n\n### https://www.screamingfrog.co.uk/seo-spider/\n\n### https://medium.com/@marlessonsantana/utilizando-o-scrapy-do-python-para-monitoramento-em-sites-de-not%C3%ADcias-web-crawler-ebdf7f1e4966\n\n### https://www.webfx.com/blog/internet/what-is-a-web-crawler/\n\n### https://www.octoparse.com/DataCrawler\n\n### https://www.screamingfrog.co.uk/crawl-javascript-seo/\n\n### https://www.parsehub.com/blog/web-scraping-vs-web-crawling/\n\n### https://www.youtube.com/watch?v=Kw3m37ebxmQ\u0026ab_channel=HackerSploit\n\n### https://securityonline.info/not-your-average-web-crawler-web-crawler-for-bug-hunting/\n\n### http://mateslab.weebly.com/web-crawler-security-tool.html\n\n### https://pentestmag.com/startup-new-kind-web-crawler/\n\n### https://hakluke.medium.com/introducing-hakrawler-a-fast-web-crawler-for-hackers-ff799955f134\n\n## Reviews\n\n### https://medium.com/@unt0uchable1/elearnsecurity-ewpt-review-and-tips-72f955f3670\n\n### https://sorsdev.com/2021/04/18/elearnsecuritys-ewpt-exam-review/\n\n### https://h0mbre.github.io/eWPT/\n\n### https://www.linkedin.com/pulse/como-tirei-certifica%C3%A7%C3%A3o-ewpt-review-iran-macedo/?trk=read_related_article-card_title\u0026originalSubdomain=pt\n\n### 
https://kentosec.com/2020/06/25/elearnsecurity-web-application-penetration-tester-ewpt-review/\n\n### https://www.reddit.com/r/AskNetsec/comments/6fwthl/elearnsecuritys_ewpt/\n\n### https://cinzinga.com/eWPT-WAPT/\n\n### https://www.youtube.com/watch?v=cOH7IYhbVPA\u0026ab_channel=WilsonSecurityGroup\n\n### https://bestestredteam.com/2019/05/16/elearnsecuritys-web-application-penetration-tester-review/\n\n### https://thomfre.dev/elearnsecurity-web-application-pentester\n\n### https://www.doyler.net/security-not-included/ewpt-exam\n\n### https://www.youtube.com/watch?v=FhIOeXMWWCw\u0026ab_channel=WilsonSecurityGroup\n\n### https://medium.com/cybersecpadawan/elearnsecurity-ewpt-certification-b7592bfc70af\n\n### https://www.linkedin.com/pulse/overview-da-certifica%C3%A7%C3%A3o-ewpt-elearning-web-tester-dos-santos/?originalSubdomain=pt\n\n### https://github.com/h0mbre/h0mbre.github.io/blob/master/_posts/2019-04-15-eWPT.md\n\n### https://github.com/h0mbre/h0mbre.github.io/blob/master/_posts/2019-08-03-Security-Certifications-And-Fun.md\n\n### https://github.com/IgorSasovets/web-security-learning-resources\n\n### https://sorsdev.com/2021/04/24/elearnsecuritys-ewpt-tips-tricks/\n\n### https://medium.com/@klockw3rk/elearnsecurity-web-application-penetration-testing-course-wapt-ewpt-2f7480120b8e\n\n### https://veteransec.com/2018/12/22/my-elearnsecurity-experience-part-1-wapt/\n\n## Web Application Fundamentals\n\n### https://pt.wikipedia.org/wiki/Cross-origin_resource_sharing#:~:text=Cross%2DOrigin%20Resource%20Sharing%20ou,o%20recurso%20que%20ser%C3%A1%20recuperado.\n\n### https://developer.mozilla.org/pt-BR/docs/Web/HTTP/CORS\n\n### https://www.youtube.com/watch?v=af5RI6bLkyw\u0026ab_channel=SoftwareEngineeringInstitute%7CCarnegieMellonUniversity\n\n### https://www.youtube.com/watch?v=h-WtIT6gCBk\u0026ab_channel=TheTechCave\n\n### https://www.freecodecamp.org/news/secure-your-web-application-with-these-http-headers-fd66e0367628/\n\n### 
https://help.deepsecurity.trendmicro.com/20_0/on-premise/http-security-headers.html#:~:text=Security%20headers%20are%20directives%20used,Cross%2DSite%20Scripting%20or%20Clickjacking.\n\n### https://www.netsparker.com/blog/web-security/http-security-headers/\n\n### https://owasp.org/www-project-secure-headers/\n\n### https://www.smashingmagazine.com/2017/04/secure-web-app-http-headers/\n\n### https://www.youtube.com/watch?v=CFzgKfnmG-Q\u0026ab_channel=PrettyPrinted\n\n### https://www.youtube.com/watch?v=9dT0FSH-aGQ\u0026ab_channel=CodingTech\n\n### https://www.youtube.com/watch?v=eesqK59rhGA\u0026ab_channel=TheTechCave\n\n### https://rapidapi.com/blog/api-glossary/http-request-methods/\n\n### https://code-maze.com/http-series-part-1/\n\n## XSS and BeeF\n\n### https://github.com/boku7/XSS-Clientside-Attacks\n\n### https://github.com/Naategh/PyCk/tree/master/Web\n\n### https://medium.com/bugbountywriteup/file-upload-xss-patched-83ea55bb9a55\n\n### https://portswigger.net/web-security/cross-site-scripting/cheat-sheet\n\n### https://book.hacktricks.xyz/pentesting-web/xss-cross-site-scripting\n\n### https://www.kitploit.com/2018/05/xss-payload-list-cross-site-scripting.html\n\n### https://www.aptive.co.uk/blog/xss-cross-site-scripting/\n\n### https://labs.nettitude.com/blog/cross-site-scripting-xss-payload-generator/\n\n### https://cobalt.io/blog/a-pentesters-guide-to-cross-site-scripting-xss\n\n### https://xss.js.org/#/\n\n### https://www.researchgate.net/figure/Classification-of-XSS-payloads-exemplified_fig4_220622661\n\n### https://xsshunter.com/features\n\n### https://www.cin.ufpe.br/~tg/2009-2/agsj.pdf\n\n### ftp://ftp.registro.br/pub/gts/gts33/tutorial/A7%20-%20Cross-Site%20Scripting.pdf\n\n### http://www.inf.ufsc.br/~bosco.sobral/ensino/ine5680/material-seg-redes/Serie%20Ataques-RedeSegura-XSS.pdf\n\n### http://prlalmeida.com.br/anteriores/ArqRefNegocios/Aula%2054%20-%20Cross%20Site%20Scripting.pdf\n\n### 
https://www.enacomp.com.br/2017/docs/analise-vulnerabilidade_xss_apps_web.pdf\n\n### https://owasp.org/www-pdf-archive//OWASPTop10XSSLongIsland.pdf\n\n### https://owasp.org/www-community/Types_of_Cross-Site_Scripting\n\n### https://owasp.org/www-community/attacks/xss/\n\n### https://portswigger.net/web-security/cross-site-scripting\n\n### https://www.acunetix.com/websitesecurity/xss/\n\n### https://www.veracode.com/security/xss\n\n### https://blog.detectify.com/2019/03/15/what-are-the-different-types-of-xss/\n\n## Vulnerability Analysis\n\n### https://www.youtube.com/watch?v=Uv6Idf5ZB9c\u0026ab_channel=MotasemHamdan\n\n### https://www.youtube.com/watch?v=KeSUiCr-WGo\u0026ab_channel=webpwnized\n\n### https://www.youtube.com/watch?v=pPU2XTFyRmU\u0026ab_channel=denimgroup\n\n### https://www.youtube.com/watch?v=wLfRz7rRsH4\u0026ab_channel=CyberSecurityTV\n\n### https://mediaspace.regis.edu/media/OWASP+ZAP+Overview+For+Website+Vulnerability+Scanning/1_zpnvcxvx\n\n### https://www.youtube.com/watch?v=YTs8GF2eaA0\u0026ab_channel=ParagDhali\n\n### https://www.youtube.com/watch?v=_MmDWenz-6U\u0026ab_channel=OracleDevelopers\n\n### https://portswigger.net/burp/documentation/desktop/scanning\n\n### https://www.youtube.com/watch?v=VP9eQhUASYQ\u0026ab_channel=PortSwigger\n\n### https://www.youtube.com/watch?v=W0O53inMaIY\u0026ab_channel=webpwnized\n\n### https://www.youtube.com/watch?v=1HDC6fKsKYE\u0026ab_channel=NullByte\n\n### https://www.youtube.com/watch?v=X3BGO9U8zuU\u0026ab_channel=CalebBucker\n\n### https://github.com/poerschke/Uniscan\n\n### https://github.com/We5ter/Scanners-Box\n\n### https://github.com/skavngr/rapidscan\n\n## User Enumeration and Brute Force \u0026 Bypass Attack\n\n### https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/03-Identity_Management_Testing/04-Testing_for_Account_Enumeration_and_Guessable_User_Account\n\n### https://www.kaspersky.com/blog/username-enumeration-attack/34618/\n\n### 
https://www.vaadata.com/blog/user-enumerations-on-web-applications/\n\n### https://www.triaxiomsecurity.com/common-web-application-vulnerabilities-username-enumeration/\n\n### https://portswigger.net/web-security/authentication/password-based/lab-username-enumeration-via-subtly-different-responses\n\n### https://portswigger.net/web-security/authentication/password-based/lab-username-enumeration-via-different-responses\n\n### https://www.youtube.com/watch?v=fP0VVzPI4jQ\u0026ab_channel=Hacksplaining\n\n### https://www.youtube.com/watch?v=WCO7LnSlskE\u0026ab_channel=SubhankarAdhikary\n\n### https://portswigger.net/web-security/authentication/password-based/lab-username-enumeration-via-response-timing\n\n### https://www.youtube.com/watch?v=ZUKvet_BsoY\u0026ab_channel=ITProTV\n\n### https://www.youtube.com/watch?v=cL9NsXpUqYI\u0026ab_channel=HackerSploit\n\n### https://www.youtube.com/watch?v=_-0JKW3U0aU\u0026ab_channel=SathvikTechtuber\n\n### https://www.youtube.com/watch?v=fdb3U2EFLzo\u0026ab_channel=ISOEHIndianSchoolofEthicalHacking\n\n### https://portswigger.net/support/using-burp-to-brute-force-a-login-page\n\n### https://www.hacksplaining.com/prevention/user-enumeration\n\n## XPath injection with XCAT\n\n### https://www.oreilly.com/library/view/web-penetration-testing/9781788623377/4ebcd489-b08a-4074-988b-df61d373a6b5.xhtml\n\n### https://tomforb.es/exploiting-xpath-injection-vulnerabilities-with-xcat/\n\n### https://www.kitploit.com/2014/08/xcat-tool-that-aides-in-exploitation-of.html?m=0\n\n### https://www.hacking.land/2017/10/xcat-automate-xpath-injection-attacks.html\n\n### https://snyk.io/advisor/python/xcat\n\n### https://owasp.org/www-pdf-archive/HAAS_OWASP_NZ_13-Improving_XPath_Injection.pdf\n\n### https://book.hacktricks.xyz/pentesting-web/xpath-injection\n\n### https://www.youtube.com/watch?v=4yrGD9Xj-hY\u0026ab_channel=SecureCodeWarrior\n\n### https://www.youtube.com/watch?v=5ZDSPVp1TpM\u0026ab_channel=MotasemHamdan\n\n### 
https://www.youtube.com/watch?v=6tV8EuaHI9M\u0026ab_channel=Maurisec\n\n### https://www.youtube.com/watch?v=ySJwlMsFbco\u0026ab_channel=JohnHammond\n\n### https://www.youtube.com/watch?v=p3-ZfhaSRZ0\u0026ab_channel=ThiagoPereira\n\n### https://www.youtube.com/watch?v=AvOcikbZsik\u0026ab_channel=EthicalHackingandDigitalForensicsTutorial\n\n### https://www.youtube.com/watch?v=U-MZJ6rbqi4\u0026ab_channel=AutomationStepbyStep\n\n## SOAP Attacks\n\n### https://www.ws-attacks.org/SOAPAction_Spoofing\n\n### https://www.forumsys.com/wp-content/uploads/2014/01/Anatomy-of-a-Web-Services-Attack.pdf\n\n### https://resources.infosecinstitute.com/topic/soap-requests/\n\n### https://www.neuralegion.com/blog/top-7-soap-api-vulnerabilities/\n\n### https://blog.securelayer7.net/owasp-top-10-penetration-testing-soap-application-mitigation/\n\n### https://www.blackhat.com/presentations/bh-usa-05/bh-us-05-stamos.pdf\n\n### https://www.soapui.org/docs/security-testing/security-scans/sql-injection/\n\n### https://www.youtube.com/watch?v=UINLbiq19NQ\u0026ab_channel=90%27sHacks\n\n### https://www.youtube.com/watch?v=4tmvQ5a4200\u0026ab_channel=CyberSecurityTV\n\n### https://capec.mitre.org/data/definitions/110.html\n\n### https://www.mantisbt.org/bugs/view.php?id=16879\n\n### https://www.dionach.com/blog/web-services-blind-sql-injection/\n\n### https://resources.infosecinstitute.com/topic/soap-attack-2/\n\n### https://www.youtube.com/watch?v=jDcXub5grgM\u0026ab_channel=90%27sHacks\n\n## File and Resource Attacks\n\n### https://owasp.org/www-community/attacks/Resource_Injection\n\n### https://resources.infosecinstitute.com/topic/file-inclusion-attacks/\n\n### https://www.sciencedirect.com/topics/computer-science/attack-resource\n\n### https://www.imperva.com/learn/application-security/rfi-remote-file-inclusion/\n\n### https://portswigger.net/web-security/file-path-traversal\n\n### https://www.neuralegion.com/blog/local-file-inclusion-lfi/\n\n### 
https://www.neuralegion.com/blog/file-inclusion-vulnerabilities/\n\n### https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/reflected-file-download-a-new-web-attack-vector/\n\n### https://www.onsecurity.io/blog/file-upload-checklist/\n\n### https://medium.com/@juangrimm/o-que-%C3%A9-lfi-hacking-3bc709dfb5da\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcybersecurityup%2Fewpt-preparation","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcybersecurityup%2Fewpt-preparation","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcybersecurityup%2Fewpt-preparation/lists"}