awesome-web-security
🐶 A curated list of Web Security materials and resources.
https://github.com/qazbnm456/awesome-web-security
-
Tools
-
Proxy
- Charles - HTTP proxy / HTTP monitor / Reverse Proxy that enables a developer to view all of the HTTP and SSL / HTTPS traffic between their machine and the Internet.
- mitmproxy - Interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers by [@mitmproxy](https://github.com/mitmproxy).
-
Reconnaissance
- Shodan - Shodan is the world's first search engine for Internet-connected devices by [@shodanhq](https://twitter.com/shodanhq).
- urlscan.io - Service which analyses websites and the resources they request by [@heipei](https://twitter.com/heipei).
- ZoomEye - Cyberspace Search Engine by [@zoomeye_team](https://twitter.com/zoomeye_team).
- peoplefindThor - the easy way to find people on Facebook by [postkassen](mailto:postkassen@oejvind.dk?subject=peoplefindthor.dk comments).
- Certificate Search - Enter an Identity (Domain Name, Organization Name, etc), a Certificate Fingerprint (SHA-1 or SHA-256) or a crt.sh ID to search certificate(s) by [@crtsh](https://github.com/crtsh).
- FOFA - Cyberspace Search Engine by [BAIMAOHUI](http://baimaohui.net/).
- NSFOCUS - THREAT INTELLIGENCE PORTAL by NSFOCUS GLOBAL.
- Databases - start.me - Various databases which you can use for your OSINT research by [@technisette](https://twitter.com/technisette).
- VirusTotal domain information - Searching for domain information by [VirusTotal](https://www.virustotal.com/).
- EyeWitness - EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible by [@ChrisTruncer](https://github.com/ChrisTruncer).
- gitrob - Reconnaissance tool for GitHub organizations by [@michenriksen](https://github.com/michenriksen).
- AQUATONE - Tool for Domain Flyovers by [@michenriksen](https://github.com/michenriksen).
- Certificate Transparency - Google's Certificate Transparency project fixes several structural flaws in the SSL certificate system by [@google](https://github.com/google).
- Sublist3r - Sublist3r is a multi-threaded sub-domain enumeration tool for penetration testers by [@aboul3la](https://github.com/aboul3la).
- Photon - Incredibly fast crawler designed for OSINT by [@s0md3v](https://github.com/s0md3v).
- domain_analyzer - Analyze the security of any domain by finding all the information possible by [@eldraco](https://github.com/eldraco).
- xray - XRay is a tool for recon, mapping and OSINT gathering from public networks by [@evilsocket](https://github.com/evilsocket).
- Raccoon - High performance offensive security tool for reconnaissance and vulnerability scanning by [@evyatarmeged](https://github.com/evyatarmeged).
- ReconDog - Reconnaissance Swiss Army Knife by [@s0md3v](https://github.com/s0md3v).
- FOCA - FOCA (Fingerprinting Organizations with Collected Archives) is a tool used mainly to find metadata and hidden information in the documents it scans by [ElevenPaths](https://www.elevenpaths.com/index.html).
- GSIL - GitHub Sensitive Information Leakage by [@FeeiCN](https://github.com/FeeiCN).
- tinfoleak - The most complete open-source tool for Twitter intelligence analysis by [@vaguileradiaz](https://github.com/vaguileradiaz).
- raven - raven is a LinkedIn information gathering tool that pentesters can use to gather information about an organization's employees using LinkedIn by [@0x09AL](https://github.com/0x09AL).
- subDomainsBrute - A simple and fast sub domain brute tool for pentesters by [@lijiejie](https://github.com/lijiejie).
- GSDF - Domain searcher named GoogleSSLdomainFinder by [@We5ter](https://github.com/We5ter).
- SpiderFoot - Open source footprinting and intelligence-gathering tool by [@binarypool](https://twitter.com/binarypool).
- Social Mapper - Social Media Enumeration & Correlation Tool by Jacob Wilkin(Greenwolf) by [@SpiderLabs](https://github.com/SpiderLabs).
- espi0n/Dockerfiles - Dockerfiles for various OSINT tools by [@espi0n](https://github.com/espi0n).
-
Penetration Testing
- grayhatwarfare - Public buckets by [grayhatwarfare](http://www.grayhatwarfare.com/).
- Astra - Automated Security Testing for REST APIs by [@flipkart-incubator](https://github.com/flipkart-incubator).
- aws_pwn - A collection of AWS penetration testing junk by [@dagrz](https://github.com/dagrz).
- TIDoS-Framework - A comprehensive web application audit framework to cover up everything from Reconnaissance and OSINT to Vulnerability Analysis by [@_tID](https://github.com/theInfectedDrake).
-
Detecting
- GuardRails - A GitHub App that provides security feedback in Pull Requests.
- sqlchop - SQL injection detection engine by [chaitin](http://chaitin.com).
- xsschop - XSS detection engine by [chaitin](http://chaitin.com).
- retire.js - Scanner detecting the use of JavaScript libraries with known vulnerabilities by [@RetireJS](https://github.com/RetireJS).
- bXSS - bXSS is a simple Blind XSS application adapted from [cure53.de/m](https://cure53.de/m) by [@LewisArdern](https://github.com/LewisArdern).
- malware-jail - Sandbox for semi-automatic Javascript malware analysis, deobfuscation and payload extraction by [@HynekPetrak](https://github.com/HynekPetrak).
- repo-supervisor - Scan your code for security misconfiguration, search for passwords and secrets.
-
Decompiler
- CFR - Another java decompiler by [@LeeAtBenf](https://twitter.com/LeeAtBenf).
-
Scanning
- WAScan - Is an open source web application security scanner that uses "black-box" method, created by [@m4ll0k](https://github.com/m4ll0k).
- wpscan - WPScan is a black box WordPress vulnerability scanner by [@wpscanteam](https://github.com/wpscanteam).
- Nuclei - Nuclei is a fast tool for configurable targeted scanning based on templates offering massive extensibility and ease of use by [@projectdiscovery](https://github.com/projectdiscovery).
- JoomlaScan - Free software to find the components installed in Joomla CMS, built out of the ashes of Joomscan by [@drego85](https://github.com/drego85).
-
Offensive
- csp evaluator - A tool for evaluating content-security-policies by [Csper](http://csper.io).
- Open redirect/SSRF payload generator - Open redirect/SSRF payload generator by [intigriti](https://www.intigriti.com/).
- sqlmap - Automatic SQL injection and database takeover tool.
- beef - The Browser Exploitation Framework Project by [beefproject](https://beefproject.com).
- xssor2 - XSS'OR - Hack with JavaScript by [@evilcos](https://github.com/evilcos).
- XSRFProbe - The Prime CSRF Audit & Exploitation Toolkit by [@0xInfection](https://github.com/0xinfection).
- XSStrike - XSStrike is a program which can fuzz and bruteforce parameters for XSS. It can also detect and bypass WAFs by [@s0md3v](https://github.com/s0md3v).
- tplmap - Code and Server-Side Template Injection Detection and Exploitation Tool by [@epinna](https://github.com/epinna).
- JShell - Get a JavaScript shell with XSS by [@s0md3v](https://github.com/s0md3v).
- dtd-finder - List DTDs and generate XXE payloads using those local DTDs by [@GoSecure](https://github.com/GoSecure).
-
Preventing
- Csper - A set of tools for building/evaluating/monitoring content-security-policy to prevent/detect cross site scripting by [Csper](https://csper.io).
- Acra - Client-side encryption engine for SQL databases, with strong selective encryption, SQL injections prevention and intrusion detection by [@cossacklabs](https://www.cossacklabs.com/).
- DOMPurify - DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG by [Cure53](https://cure53.de/).
- js-xss - Sanitize untrusted HTML (to prevent XSS) with a configuration specified by a Whitelist by [@leizongmin](https://github.com/leizongmin).
-
Others
- Dnslogger - DNS Logger by [@iagox86](https://github.com/iagox86).
- CyberChef - The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis - by [@GCHQ](https://github.com/gchq).
- ctftool - Interactive CTF Exploration Tool by [@taviso](https://github.com/taviso).
- cefdebug - Minimal code to connect to a CEF debugger by [@taviso](https://github.com/taviso).
- ntlm_challenger - Parse NTLM over HTTP challenge messages by [@b17zr](https://github.com/b17zr).
-
Webshell
- reverse-shell - Reverse Shell as a Service by [@lukechilds](https://github.com/lukechilds).
- webshell - This is a webshell open source project by [@tennc](https://github.com/tennc).
- Weevely - Weaponized web shell by [@epinna](https://github.com/epinna).
- PhpSploit - Full-featured C2 framework which silently persists on webserver via evil PHP oneliner by [@nil0x42](https://github.com/nil0x42).
- nano - Family of code golfed PHP shells by [@s0md3v](https://github.com/s0md3v).
- Reverse-Shell-Manager - Reverse Shell Manager via Terminal [@WangYihang](https://github.com/WangYihang).
- Webshell-Sniper - Manage your website via terminal by [@WangYihang](https://github.com/WangYihang).
-
Disassembler
-
Leaking
- GitMiner - Tool for advanced mining for content on Github by [@UnkL4b](https://github.com/UnkL4b).
- snallygaster - Tool to scan for secret files on HTTP servers by [@hannob](https://github.com/hannob).
- LinkFinder - Python script that finds endpoints in JavaScript files by [@GerbenJavado](https://github.com/GerbenJavado).
- CSS-Keylogging - Chrome extension and Express server that exploits keylogging abilities of CSS by [@maxchehab](https://github.com/maxchehab).
- dvcs-ripper - Rip web accessible (distributed) version control systems: SVN/GIT/HG... by [@kost](https://github.com/kost).
- HTTPLeaks - All possible ways, a website can leak HTTP requests by [@cure53](https://github.com/cure53).
- gitleaks - Searches full repo history for secrets and keys by [@zricethezav](https://github.com/zricethezav).
- DVCS-Pillage - Pillage web accessible GIT, HG and BZR repositories by [@evilpacket](https://github.com/evilpacket).
- pwngitmanager - Git manager for pentesters by [@allyshka](https://github.com/allyshka).
-
Command Injection
- commix - Automated All-in-One OS command injection and exploitation tool by [@commixproject](https://github.com/commixproject).
-
Fuzzing
- fuzz.txt - Potentially dangerous files by [@Bo0oM](https://github.com/Bo0oM).
- FuzzDB - Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.
- wfuzz - Web application bruteforcer by [@xmendez](https://github.com/xmendez).
- dirhunt - Web crawler optimized for searching and analyzing the directory structure of a site by [@nekmo](https://github.com/Nekmo).
- ssltest - Online service that performs a deep analysis of the configuration of any SSL web server on the public internet. Provided by [Qualys SSL Labs](https://www.ssllabs.com).
- charsetinspect - Script that inspects multi-byte character sets looking for characters with specific user-defined properties by [@hack-all-the-things](https://github.com/hack-all-the-things).
- IPObfuscator - Simple tool to convert the IP to a DWORD IP by [@OsandaMalith](https://github.com/OsandaMalith).
-
Auditing
-
DNS Rebinding
- Singularity of Origin - It includes the necessary components to rebind the IP address of the attack server DNS name to the target machine's IP address and to serve attack payloads to exploit vulnerable software on the target machine by [@nccgroup](https://github.com/nccgroup)
- Whonow DNS Server - A malicious DNS server for executing DNS Rebinding attacks on the fly by [@brannondorsey](https://github.com/brannondorsey)
- DNS Rebind Toolkit - DNS Rebind Toolkit is a frontend JavaScript framework for developing DNS Rebinding exploits against vulnerable hosts and services on a local area network (LAN) by [@brannondorsey](https://github.com/brannondorsey)
- dref - DNS Rebinding Exploitation Framework. Dref does the heavy-lifting for DNS rebinding by [@mwrlabs](https://github.com/mwrlabs)
-
Code Generating
- VWGen - Vulnerable Web applications Generator by [@qazbnm456](https://github.com/qazbnm456).
-
-
Forums
- The Hacker News - Security in a serious way.
- Phrack Magazine - Ezine written by and for hackers.
- HackDig - Dig high-quality web security articles for hacker.
- Dark Reading - Connecting The Information Security Community.
- Security Weekly - The security podcast network.
- The Register - Biting the hand that feeds IT.
-
Practices
-
AWS
- FLAWS - Amazon AWS CTF challenge - Written by [@0xdabbad00](https://twitter.com/0xdabbad00).
- CloudGoat - Rhino Security Labs' "Vulnerable by Design" AWS infrastructure setup tool - Written by [@RhinoSecurityLabs](https://github.com/RhinoSecurityLabs).
-
Application
- Portswigger Web Security Academy - Free trainings and labs - Written by [PortSwigger](https://portswigger.net/).
- SELinux Game - Learn SELinux by doing. Solve Puzzles, show skillz - Written by [@selinuxgame](https://twitter.com/selinuxgame).
- OWASP Juice Shop - Probably the most modern and sophisticated insecure web application - Written by [@bkimminich](https://github.com/bkimminich) and the [@owasp_juiceshop](https://twitter.com/owasp_juiceshop) team.
- BadLibrary - Vulnerable web application for training - Written by [@SecureSkyTechnology](https://github.com/SecureSkyTechnology).
- Hackxor - Realistic web application hacking game - Written by [@albinowax](https://twitter.com/albinowax).
-
XSS
- alert(1) to win - Series of XSS challenges - Written by [@steike](https://twitter.com/steike).
- XSS game - Google XSS Challenge - Written by Google.
- XSS Challenges - Series of XSS challenges - Written by yamagata21.
-
ModSecurity / OWASP ModSecurity Core Rule Set
- ModSecurity / OWASP ModSecurity Core Rule Set - Series of tutorials to install, configure and tune ModSecurity and the Core Rule Set - Written by [@ChrFolini](https://twitter.com/ChrFolini).
-
-
Digests
- Hacker101 - Written by [hackerone](https://www.hackerone.com/start-hacking).
- The Magic of Learning - Written by [@bitvijays](https://bitvijays.github.io/aboutme.html).
- The Daily Swig - Web security digest - Written by [PortSwigger](https://portswigger.net/).
- tl;dr sec - Weekly summary of top security tools, blog posts, and security research.
- Web Application Security Zone by Netsparker - Written by [Netsparker](https://www.netsparker.com/).
- Infosec Newbie - Written by [Mark Robinson](https://www.sneakymonkey.net/).
- CTF Field Guide - Written by [Trail of Bits](https://www.trailofbits.com/).
- PayloadsAllTheThings - Written by [@swisskyrepo](https://github.com/swisskyrepo).
-
Social Engineering Database
-
Others
- haveibeenpwned - Check if you have an account that has been compromised in a data breach by [Troy Hunt](https://www.troyhunt.com/).
-
-
Introduction
-
Crypto
- Applied Crypto Hardening - Written by [The bettercrypto.org Team](https://bettercrypto.org/).
- What is a Side-Channel Attack ? - Written by [J.M Porup](https://www.csoonline.com/author/J.M.-Porup/).
-
AWS
- PENETRATION TESTING AWS STORAGE: KICKING THE S3 BUCKET - Written by Dwight Hohnstein from [Rhino Security Labs](https://rhinosecuritylabs.com/).
- AWS PENETRATION TESTING PART 1. S3 BUCKETS - Written by [VirtueSecurity](https://www.virtuesecurity.com/).
- AWS PENETRATION TESTING PART 2. S3, IAM, EC2 - Written by [VirtueSecurity](https://www.virtuesecurity.com/).
- Misadventures in AWS - Written by Christian Demko
-
XSS - Cross-Site Scripting
- C.XSS Guide - Written by [@JakobKallin](https://github.com/JakobKallin) and [Irene Lobo Valbuena](https://www.linkedin.com/in/irenelobovalbuena/).
- Cross-Site Scripting – Application Security – Google - Written by [Google](https://www.google.com/).
- A talk about XSS thousand knocks - Written by [Yu Yagihashi](https://speakerdeck.com/yagihashoo).
- THE BIG BAD WOLF - XSS AND MAINTAINING ACCESS - Written by [Paulos Yibelo](http://www.paulosyibelo.com/).
- クロスサイトスクリプティングの仕組みと攻撃を回避する7つの対策 (How cross-site scripting works and 7 measures to avoid attacks) - Written by [McAfee Blog](https://blogs.mcafee.jp/).
- PayloadsAllTheThings - XSS Injection - Written by [@swisskyrepo](https://github.com/swisskyrepo).
- H5SC - Written by [@cure53](https://github.com/cure53).
- AwesomeXSS - Written by [@s0md3v](https://github.com/s0md3v).
- XSS.png - Written by @jackmasa.
- payloadbox/xss-payload-list - Written by [@payloadbox](https://github.com/payloadbox).
-
CSV Injection
- The Absurdly Underestimated Dangers of CSV Injection - Written by [George Mauer](http://georgemauer.net/).
- CSV Injection -> Meterpreter on Pornhub - Written by [Andy](https://blog.zsec.uk/).
- PayloadsAllTheThings - CSV Injection - Written by [@swisskyrepo](https://github.com/swisskyrepo).
-
Upload
- PayloadsAllTheThings - Upload Insecure Files - Written by [@swisskyrepo](https://github.com/swisskyrepo).
- File Upload Restrictions Bypass - Written by [Haboob Team](https://www.exploit-db.com/author/?a=9381).
-
CSRF - Cross-Site Request Forgery
- PayloadsAllTheThings - CSRF Injection - Written by [@swisskyrepo](https://github.com/swisskyrepo).
- Wiping Out CSRF - Written by [@jrozner](https://medium.com/@jrozner).
-
Deserialization
- HOW TO EXPLOIT LIFERAY CVE-2020-7961 : QUICK JOURNEY TO POC - Written by [@synacktiv](https://twitter.com/synacktiv).
- Attacking .NET deserialization - Written by [@pwntester](https://twitter.com/pwntester).
- .NET Roulette: Exploiting Insecure Deserialization in Telerik UI - Written by [@noperator](https://twitter.com/noperator).
- How to exploit the DotNetNuke Cookie Deserialization - Written by [CRISTIAN CORNEA](https://pentest-tools.com/blog/author/pentest-cristian/).
-
JWT
- Hardcoded secrets, unverified tokens, and other common JWT mistakes - Written by [@ermil0v](https://twitter.com/ermil0v).
-
Prototype Pollution
- Prototype pollution attack in NodeJS application - Written by [@HoLyVieR](https://github.com/HoLyVieR).
- Exploiting prototype pollution – RCE in Kibana (CVE-2019-7609) - Written by [@securitymb](https://twitter.com/securitymb).
- Real-world JS - 1 - Written by [@po6ix](https://twitter.com/po6ix).
-
SQL Injection
- SQL Injection Wiki - Written by [NETSPI](https://www.netspi.com/).
- SQL Injection Pocket Reference - Written by [@LightOS](https://twitter.com/LightOS).
- PayloadsAllTheThings - SQL Injection - Written by [@swisskyrepo](https://github.com/swisskyrepo).
- payloadbox/sql-injection-payload-list - Written by [@payloadbox](https://github.com/payloadbox).
- SQL Injection Cheat Sheet - Written by [@netsparker](https://twitter.com/netsparker).
-
Command Injection
- rubyでopenコマンドを使用するときに気をつけること (Things to watch out for when using the open command in Ruby) - Written by [金子 将範](http://www.lanches.co.jp/author/rubyist).
- Potential command injection in resolv.rb - Written by [@drigg3r](https://github.com/drigg3r).
- PayloadsAllTheThings - Command Injection - Written by [@swisskyrepo](https://github.com/swisskyrepo).
- payloadbox/command-injection-payload-list - Written by [@payloadbox](https://github.com/payloadbox).
-
ORM Injection
- HQL for pentesters - Written by [@h3xstream](https://twitter.com/h3xstream/).
- HQL : Hyperinsane Query Language (or how to access the whole SQL API within a HQL injection ?) - Written by [@_m0bius](https://twitter.com/_m0bius).
- ORM2Pwn: Exploiting injections in Hibernate ORM - Written by [Mikhail Egorov](https://0ang3el.blogspot.tw/).
- ORM Injection - Written by [Simone Onofri](https://onofri.org/).
-
FTP Injection
- SMTP over XXE − how to send emails using Java's XML parser - Written by [Alexander Klink](https://shiftordie.de/).
- Advisory: Java/Python FTP Injections Allow for Firewall Bypass - Written by [Timothy Morgan](https://plus.google.com/105917618099766831589).
-
XXE - XML eXternal Entity
- XXE - Written by [@phonexicum](https://twitter.com/phonexicum).
- XML external entity (XXE) injection - Written by [portswigger](https://portswigger.net/).
- XML Schema, DTD, and Entity Attacks - Written by [Timothy D. Morgan](https://twitter.com/ecbftw) and Omar Al Ibrahim.
- PayloadsAllTheThings - XXE Injection - Written by various contributors.
- payloadbox/xxe-injection-payload-list - Written by [@payloadbox](https://github.com/payloadbox).
-
Clickjacking
- Clickjacking - Written by [Imperva](https://www.imperva.com/).
- X-Frame-Options: All about Clickjacking? - Written by [Mario Heiderich](http://www.slideshare.net/x00mario).
-
SSRF - Server-Side Request Forgery
- SSRF bible. Cheatsheet - Written by [Wallarm](https://wallarm.com/).
- PayloadsAllTheThings - Server-Side Request Forgery - Written by [@swisskyrepo](https://github.com/swisskyrepo).
-
Web Cache Poisoning
- Practical Web Cache Poisoning - Written by [@albinowax](https://twitter.com/albinowax).
- PayloadsAllTheThings - Web Cache Deception - Written by [@swisskyrepo](https://github.com/swisskyrepo).
-
Relative Path Overwrite
- Large-scale analysis of style injection by relative path overwrite - Written by [The Morning Paper](https://blog.acolyer.org/).
- MBSD Technical Whitepaper - A few RPO exploitation techniques - Written by [Mitsui Bussan Secure Directions, Inc.](https://www.mbsd.jp/).
-
Open Redirect
- Open Redirect Vulnerability - Written by [s0cket7](https://s0cket7.com/).
- PayloadsAllTheThings - Open Redirect - Written by [@swisskyrepo](https://github.com/swisskyrepo).
- payloadbox/open-redirect-payload-list - Written by [@payloadbox](https://github.com/payloadbox).
-
Security Assertion Markup Language (SAML)
- How to Hunt Bugs in SAML; a Methodology - Part I - Written by [epi](https://epi052.gitlab.io/notes-to-self/).
- How to Hunt Bugs in SAML; a Methodology - Part II - Written by [epi](https://epi052.gitlab.io/notes-to-self/).
- How to Hunt Bugs in SAML; a Methodology - Part III - Written by [epi](https://epi052.gitlab.io/notes-to-self/).
- PayloadsAllTheThings - SAML Injection - Written by [@swisskyrepo](https://github.com/swisskyrepo).
-
Rails
- Rails Security - First part - Written by [@qazbnm456](https://github.com/qazbnm456).
- Zen Rails Security Checklist - Written by [@brunofacca](https://github.com/brunofacca).
- Rails SQL Injection - Written by [@presidentbeef](https://github.com/presidentbeef).
- Official Rails Security Guide - Written by [Rails team](https://rubyonrails.org/).
-
AngularJS
- XSS without HTML: Client-Side Template Injection with AngularJS - Written by [Gareth Heyes](https://www.blogger.com/profile/10856178524811553475).
- DOM based Angular sandbox escapes - Written by [@garethheyes](https://twitter.com/garethheyes)
-
ReactJS
- XSS via a spoofed React element - Written by [Daniel LeCheminant](http://danlec.com/).
-
SSL/TLS
- SSL & TLS Penetration Testing - Written by [APTIVE](https://www.aptive.co.uk/).
- Practical introduction to SSL/TLS - Written by [@Hakky54](https://github.com/Hakky54).
-
NFS
- NFS | PENETRATION TESTING ACADEMY - Written by [PENETRATION ACADEMY](https://pentestacademy.wordpress.com/).
-
Azure
- Common Azure Security Vulnerabilities and Misconfigurations - Written by [@rhinobenjamin](https://twitter.com/rhinobenjamin).
- Cloud Security Risks (Part 1): Azure CSV Injection Vulnerability - Written by [@spengietz](https://twitter.com/spengietz).
-
Sub Domain Enumeration
- The Art of Subdomain Enumeration - Written by [Patrik Hudak](https://blog.sweepatic.com/author/patrik/).
- A penetration tester’s guide to sub-domain enumeration - Written by [Bharath](https://blog.appsecco.com/@yamakira_).
-
Web Shell
- Hunting for Web Shells - Written by [Jacob Baines](https://www.tenable.com/profile/jacob-baines).
- Hacking with JSP Shells - Written by [@_nullbind](https://twitter.com/_nullbind).
-
OSINT
- Hacking Cryptocurrency Miners with OSINT Techniques - Written by [@s3yfullah](https://medium.com/@s3yfullah).
- OSINT x UCCU Workshop on Open Source Intelligence - Written by [Philippe Lin](https://www.slideshare.net/miaoski).
- 102 Deep Dive in the Dark Web OSINT Style Kirby Plessas - Presented by [@kirbstr](https://twitter.com/kirbstr).
- The most complete guide to finding anyone’s email - Written by [Timur Daudpota](https://www.blurbiz.io/).
-
DNS Rebinding
- Attacking Private Networks from the Internet with DNS Rebinding - Written by [@brannondorsey](https://medium.com/@brannondorsey)
- Hacking home routers from the Internet - Written by [@radekk](https://medium.com/@radekk)
-
OAuth
- Introduction to OAuth 2.0 and OpenID Connect - Written by [@PhilippeDeRyck](https://twitter.com/PhilippeDeRyck).
- What is going on with OAuth 2.0? And why you should not use it for authentication. - Written by [@damianrusinek](https://medium.com/@damianrusinek).
-
Webmail
- Why mail() is dangerous in PHP - Written by [Robin Peraglie](https://www.ripstech.com/).
-
-
PoCs
-
Database
- Exploit Database - ultimate archive of Exploits, Shellcode, and Security Papers by [Offensive Security](https://www.offensive-security.com/).
- SPLOITUS - Exploits & Tools Search Engine by [@i_bo0om](https://twitter.com/i_bo0om).
- Some-PoC-oR-ExP - Collection or writing of PoCs and exploits for various vulnerabilities by [@coffeehb](https://github.com/coffeehb).
- awesome-cve-poc - Curated list of CVE PoCs by [@qazbnm456](https://github.com/qazbnm456).
- js-vuln-db - Collection of JavaScript engine CVEs with PoCs by [@tunz](https://github.com/tunz).
- uxss-db - Collection of UXSS CVEs with PoCs by [@Metnew](https://github.com/Metnew).
-
-
Evasions
-
CSP
- GitHub's CSP journey - Written by [@ptoomey3](https://github.com/ptoomey3).
- GitHub's post-CSP journey - Written by [@ptoomey3](https://github.com/ptoomey3).
- Any protection against dynamic module import? - Written by [@shhnjk](https://twitter.com/@shhnjk).
- CSP: bypassing form-action with reflected XSS - Written by [Detectify Labs](https://labs.detectify.com/).
- TWITTER XSS + CSP BYPASS - Written by [Paulos Yibelo](http://www.paulosyibelo.com/).
- Neatly bypassing CSP - Written by [Wallarm](https://wallarm.com/).
- Evading CSP with DOM-based dangling markup - Written by [portswigger](https://portswigger.net/).
-
WAF
- Web Application Firewall (WAF) Evasion Techniques - Written by [@secjuice](https://twitter.com/secjuice).
- Web Application Firewall (WAF) Evasion Techniques #2 - Written by [@secjuice](https://twitter.com/secjuice).
- Airbnb – When Bypassing JSON Encoding, XSS Filter, WAF, CSP, and Auditor turns into Eight Vulnerabilities - Written by [@Brett Buerhaus](https://twitter.com/bbuerhaus).
- How to bypass libinjection in many WAF/NGWAF - Written by [@d0znpp](https://medium.com/@d0znpp).
-
XXE
- Bypass Fix of OOB XXE Using Different encoding - Written by [@SpiderSec](https://twitter.com/SpiderSec).
-
Authentication
- Trend Micro Threat Discovery Appliance - Session Generation Authentication Bypass (CVE-2016-8584) - Written by [@malerisch](https://twitter.com/malerisch) and [@steventseeley](https://twitter.com/steventseeley).
-
JSMVC
- JavaScript MVC and Templating Frameworks - Written by [Mario Heiderich](http://www.slideshare.net/x00mario).
-
-
Twitter Users
-
Others
- @HackwithGitHub - Initiative to showcase open source hacking tools for hackers and pentesters
- @filedescriptor - Active penetrator often tweets and writes useful articles
- @cure53berlin - [Cure53](https://cure53.de/) is a German cybersecurity firm.
- @XssPayloads - The wonderland of JavaScript unexpected usages, and more.
- @kinugawamasato - Japanese web penetrator.
- @h3xstream - Security Researcher, interested in web security, crypto, pentest, static analysis but most of all, samy is my hero.
- @garethheyes - English web penetrator.
- @hasegawayosuke - Japanese javascript security researcher.
- @shhnjk - Web and Browsers Security Researcher.
-
-
Miscellaneous
-
ModSecurity / OWASP ModSecurity Core Rule Set
- Escape and Evasion Egressing Restricted Networks - Written by [Chris Patten, Tom Steele](info@optiv.com).
- WEB APPLICATION PENETRATION TESTING NOTES - Written by [Jayson](https://techvomit.net/).
- The Definitive Security Data Science and Machine Learning Guide - Written by JASON TROS.
- Google VRP and Unicorns - Written by [Daniel Stelter-Gliese](https://www.linkedin.com/in/daniel-stelter-gliese-170a70a2/).
- Brute Forcing Your Facebook Email and Phone Number - Written by [PwnDizzle](http://pwndizzle.blogspot.jp/).
- Pentest + Exploit dev Cheatsheet wallpaper - Penetration Testing and Exploit Dev CheatSheet.
- A glimpse into GitHub's Bug Bounty workflow - Written by [@gregose](https://github.com/gregose).
- Cybersecurity Campaign Playbook - Written by [Belfer Center for Science and International Affairs](https://www.belfercenter.org/).
- Internet of Things Scanner - Check if your internet-connected devices at home are public on Shodan by [BullGuard](https://www.bullguard.com/).
- The Bug Hunters Methodology v2.1 - Written by [@jhaddix](https://twitter.com/jhaddix).
- $7.5k Google services mix-up - Written by [Ezequiel Pereira](https://sites.google.com/site/testsitehacking/).
- How I exploited ACME TLS-SNI-01 issuing Let's Encrypt SSL-certs for any domain using shared hosting - Written by [@fransrosen](https://twitter.com/fransrosen).
- TL:DR: VPN leaks users’ IPs via WebRTC. I’ve tested seventy VPN providers and 16 of them leaks users’ IPs via WebRTC (23%) - Written by [voidsec](https://voidsec.com/).
- Be careful what you copy: Invisibly inserting usernames into text with Zero-Width Characters - Written by [@umpox](https://medium.com/@umpox).
- Domato Fuzzer's Generation Engine Internals - Written by [sigpwn](https://www.sigpwn.io/).
- CSS Is So Overpowered It Can Deanonymize Facebook Users - Written by [Ruslan Habalov](https://www.evonide.com/).
- Introduction to Web Application Security - Written by [@itsC0rg1](https://twitter.com/itsC0rg1), [@jmkeads](https://twitter.com/jmkeads) and [@matir](https://twitter.com/matir).
- Finding The Real Origin IPs Hiding Behind CloudFlare or TOR - Written by [Paul Dannewitz](https://www.secjuice.com/author/paul-dannewitz/).
- Why Facebook's api starts with a for loop - Written by [@AntoGarand](https://twitter.com/AntoGarand).
- How I could have stolen your photos from Google - my first 3 bug bounty writeups - Written by [@gergoturcsanyi](https://twitter.com/gergoturcsanyi).
- An example why NAT is NOT security - Written by [@0daywork](https://twitter.com/@0daywork).
- Hacking with a Heads Up Display - Written by [David Scrobonia](https://segment.com/blog/authors/david-scrobonia/).
- Alexa Top 1 Million Security - Hacking the Big Ones - Written by [@slashcrypto](https://twitter.com/slashcrypto).
- The bug bounty program that changed my life - Written by [Gwen](http://10degres.net/).
- List of bug bounty writeups - Written by [Mariem](https://pentester.land/).
- Implications of Loading .NET Assemblies - Written by [Brian Wallace](https://threatvector.cylance.com/en_us/contributors/brian-wallace.html).
- WCTF2019: Gyotaku The Flag - Written by [@t0nk42](https://twitter.com/t0nk42).
- DOS File Path Magic Tricks - Written by [@clr2of8](https://medium.com/@clr2of8).
- How we abused Slack's TURN servers to gain access to internal services - Written by [@sandrogauci](https://twitter.com/sandrogauci).
- notes - Some public notes by [@ChALkeR](https://github.com/ChALkeR).
- Infosec_Reference - Information Security Reference That Doesn't Suck by [@rmusser01](https://github.com/rmusser01).
- awesome-bug-bounty - Comprehensive curated list of available Bug Bounty & Disclosure Programs and write-ups by [@djadmin](https://github.com/djadmin).
- bug-bounty-reference - List of bug bounty write-ups categorized by the nature of the bug by [@ngalongc](https://github.com/ngalongc).
- EQGRP - Decrypted content of eqgrp-auction-file.tar.xz by [@x0rz](https://github.com/x0rz).
-
-
Browser Exploitation
-
Backend (core of Browser implementation, and often refers to C or C++ part)
- Attacking JavaScript Engines - A case study of JavaScriptCore and CVE-2016-4622 - Written by [phrack@saelo.net](phrack@saelo.net).
- A Methodical Approach to Browser Exploitation - Written by [@PatrickBiernat](https://twitter.com/PatrickBiernat), [@gaasedelen](https://twitter.com/gaasedelen) and [@itszn13](https://twitter.com/itszn13).
- Exploiting a V8 OOB write. - Written by [@halbecaf](https://twitter.com/halbecaf).
- CLEANLY ESCAPING THE CHROME SANDBOX - Written by [@tjbecker_](https://twitter.com/tjbecker_).
- Breaking UC Browser - Written by [Доктор Веб](https://www.drweb.ru/).
- Three roads lead to Rome - Written by [@holynop](https://twitter.com/holynop).
- Look Mom, I don't use Shellcode - Browser Exploitation Case Study for Internet Explorer 11 - Written by [@moritzj](http://twitter.com/moritzj).
- PUSHING WEBKIT'S BUTTONS WITH A MOBILE PWN2OWN EXPLOIT - Written by [@wanderingglitch](https://twitter.com/wanderingglitch).
- CVE-2017-2446 or JSC::JSGlobalObject::isHavingABadTime. - Written by [Diary of a reverse-engineer](https://doar-e.github.io/).
- How I got my first big bounty payout with Tesla - Written by [@cj.fairhead](https://medium.com/@cj.fairhead).
- SSD Advisory – Chrome Turbofan Remote Code Execution - Written by [SecuriTeam Secure Disclosure (SSD)](https://blogs.securiteam.com/).
-
Frontend (like SOP bypass, URL spoofing, and something like that)
- The world of Site Isolation and compromised renderer - Written by [@shhnjk](https://twitter.com/shhnjk).
- The Cookie Monster in Your Browsers - Written by [@filedescriptor](https://twitter.com/filedescriptor).
- Bypassing Mobile Browser Security For Fun And Profit - Written by [@rafaybaloch](https://twitter.com/@rafaybaloch).
- The inception bar: a new phishing method - Written by [jameshfisher](https://jameshfisher.com/).
- JSON hijacking for the modern web - Written by [portswigger](https://portswigger.net/).
- IE11 Information disclosure - local file detection - Written by James Lee.
- SOP bypass / UXSS – Stealing Credentials Pretty Fast (Edge) - Written by [Manuel](https://twitter.com/magicmac2000).
- ブラウザの脆弱性とそのインパクト - Written by [Muneaki Nishimura](https://speakerdeck.com/nishimunea) and [Masato Kinugawa](https://twitter.com/kinugawamasato).
- Особенности Safari в client-side атаках - Written by [Bo0oM](https://bo0om.ru/author/admin).
- How do we Stop Spilling the Beans Across Origins? - Written by [aaj at google.com](aaj@google.com) and [mkwst at google.com](mkwst@google.com).
- Setting arbitrary request headers in Chromium via CRLF injection - Written by [Michał Bentkowski](https://blog.bentkowski.info/).
- Sending arbitrary IPC messages via overriding Function.prototype.apply - Written by [@kinugawamasato](https://twitter.com/kinugawamasato).
- Take Advantage of Out-of-Scope Domains in Bug Bounty Programs - Written by [@Abdulahhusam](https://twitter.com/Abdulahhusam).
-
-
Tricks
-
XSS
- How I found a $5,000 Google Maps XSS (by fiddling with Protobuf) - Written by [@marin_m](https://medium.com/@marin_m).
- Exploiting XSS with 20 characters limitation - Written by [Jorge Lajara](https://jlajara.gitlab.io/).
- Upgrade self XSS to Exploitable XSS an 3 Ways Technic - Written by [HAHWUL](https://www.hahwul.com/).
- XSS without parentheses and semi-colons - Written by [@garethheyes](https://twitter.com/garethheyes).
- XSS-Auditor — the protector of unprotected and the deceiver of protected. - Written by [@terjanq](https://medium.com/@terjanq).
- Query parameter reordering causes redirect page to render unsafe URL - Written by [kenziy](https://hackerone.com/kenziy).
- DON'T TRUST THE DOM: BYPASSING XSS MITIGATIONS VIA SCRIPT GADGETS - Written by [Sebastian Lekies](https://twitter.com/slekies), [Krzysztof Kotowicz](https://twitter.com/kkotowicz), and [Eduardo Vela](https://twitter.com/sirdarckcat).
- Uber XSS via Cookie - Written by [zhchbin](http://zhchbin.github.io/).
- DOM XSS – auth.uber.com - Written by [StamOne_](http://stamone-bug-bounty.blogspot.tw/).
- 5文字で書くJavaScript - Shibuya.XSS techtalk #10 by [Masato Kinugawa](https://twitter.com/kinugawamasato).
- Stored XSS on Facebook - Written by [Enguerran Gillier](https://opnsec.com/).
- XSS in Google Colaboratory + CSP bypass - Written by [Michał Bentkowski](https://blog.bentkowski.info/).
- Another XSS in Google Colaboratory - Written by [Michał Bentkowski](https://blog.bentkowski.info/).
- </script> is filtered ? - Written by [@strukt93](https://twitter.com/strukt93).
- $20000 Facebook DOM XSS - Written by [@vinodsparrow](https://twitter.com/vinodsparrow).
- ECMAScript 6 from an Attacker's Perspective - Breaking Frameworks, Sandboxes, and everything else - Written by [Mario Heiderich](http://www.slideshare.net/x00mario).
-
Clickjacking
- Clickjackings in Google worth 14981.7$ - Written by [@raushanraj_65039](https://medium.com/@raushanraj_65039).
-
SQL Injection
- Making a Blind SQL Injection a little less blind - Written by [TomNomNom](https://twitter.com/TomNomNom).
- MySQL Error Based SQL Injection Using EXP - Written by [@osandamalith](https://twitter.com/osandamalith).
- SQL injection in an UPDATE query - a bug bounty story! - Written by [Zombiehelp54](http://zombiehelp54.blogspot.jp/).
- Red Team Tales 0x01: From MSSQL to RCE - Written by [Tarlogic](https://www.tarlogic.com/en/cybersecurity-blog/).
- SQL INJECTION AND POSTGRES - AN ADVENTURE TO EVENTUAL RCE - Written by [@denandz](https://github.com/denandz).
- GitHub Enterprise SQL Injection - Written by [Orange](http://blog.orange.tw/).
-
SSRF
- Into the Borg – SSRF inside Google production network - Written by [opnsec](https://opnsec.com/).
- SSRF to ROOT Access - A $25k bounty for SSRF leading to ROOT Access in all instances by [0xacb](https://hackerone.com/0xacb).
- PHP SSRF Techniques - Written by [@themiddleblue](https://medium.com/@themiddleblue).
- SSRF in https://imgur.com/vidgif/url - Written by [aesteral](https://hackerone.com/aesteral).
- All you need to know about SSRF and how may we write tools to do auto-detect - Written by [@Auxy233](https://twitter.com/Auxy233).
- A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages! - Written by [Orange](http://blog.orange.tw/).
- SSRF Tips - Written by [xl7dev](http://blog.safebuff.com/).
- Piercing the Veil: Server Side Request Forgery to NIPRNet access - Written by [Alyssa Herrera](https://medium.com/@alyssa.o.herrera).
- AWS takeover through SSRF in JavaScript - Written by [Gwen](http://10degres.net/).
-
Remote Code Execution
- $36k Google App Engine RCE - Written by [Ezequiel Pereira](https://sites.google.com/site/testsitehacking/).
- What Do WebLogic, WebSphere, JBoss, Jenkins, OpenNMS, and Your Application Have in Common? This Vulnerability. - Written by [@breenmachine](https://twitter.com/@breenmachine).
- CVE-2019-1306: ARE YOU MY INDEX? - Written by [@yu5k3](https://twitter.com/yu5k3).
- WebLogic RCE (CVE-2019-2725) Debug Diary - Written by Badcode@Knownsec 404 Team.
- Exploiting Node.js deserialization bug for Remote Code Execution - Written by [OpSecX](https://opsecx.com/index.php/author/ajinabraham/).
- DRUPAL 7.X SERVICES MODULE UNSERIALIZE() TO RCE - Written by [Ambionics Security](https://www.ambionics.io/).
- How we exploited a remote code execution vulnerability in math.js - Written by [@capacitorset](https://github.com/capacitorset).
- GitHub Enterprise Remote Code Execution - Written by [@iblue](https://github.com/iblue).
- Poor RichFaces - Written by [CODE WHITE](https://www.code-white.com/).
- Remote Code Execution on a Facebook server - Written by [@blaklis_](https://twitter.com/blaklis_).
- Evil Teacher: Code Injection in Moodle - Written by [RIPS Technologies](https://www.ripstech.com/).
- How I Chained 4 vulnerabilities on GitHub Enterprise, From SSRF Execution Chain to RCE! - Written by [Orange](http://blog.orange.tw/).
-
Header Injection
- Java/Python FTP Injections Allow for Firewall Bypass - Written by [Timothy Morgan](https://plus.google.com/105917618099766831589).
-
CSRF
- Neat tricks to bypass CSRF-protection - Written by [Twosecurity](https://twosecurity.io/).
- Exploiting CSRF on JSON endpoints with Flash and redirects - Written by [@riyazwalikar](https://blog.appsecco.com/@riyazwalikar).
- Cracking Java’s RNG for CSRF - Javax Faces and Why CSRF Token Randomness Matters - Written by [@rramgattie](https://blog.securityevaluators.com/@rramgattie).
- If HttpOnly You Could Still CSRF… Of CORS you can! - Written by [@GraphX](https://twitter.com/GraphX).
- Exploiting CSRF on JSON endpoints with Flash and redirects - Written by [@riyazwalikar](https://blog.appsecco.com/@riyazwalikar).
- Cracking Java’s RNG for CSRF - Javax Faces and Why CSRF Token Randomness Matters - Written by [@rramgattie](https://blog.securityevaluators.com/@rramgattie).
- Exploiting CSRF on JSON endpoints with Flash and redirects - Written by [@riyazwalikar](https://blog.appsecco.com/@riyazwalikar).
- Cracking Java’s RNG for CSRF - Javax Faces and Why CSRF Token Randomness Matters - Written by [@rramgattie](https://blog.securityevaluators.com/@rramgattie).
- Exploiting CSRF on JSON endpoints with Flash and redirects - Written by [@riyazwalikar](https://blog.appsecco.com/@riyazwalikar).
- Cracking Java’s RNG for CSRF - Javax Faces and Why CSRF Token Randomness Matters - Written by [@rramgattie](https://blog.securityevaluators.com/@rramgattie).
- Exploiting CSRF on JSON endpoints with Flash and redirects - Written by [@riyazwalikar](https://blog.appsecco.com/@riyazwalikar).
- Cracking Java’s RNG for CSRF - Javax Faces and Why CSRF Token Randomness Matters - Written by [@rramgattie](https://blog.securityevaluators.com/@rramgattie).
- Exploiting CSRF on JSON endpoints with Flash and redirects - Written by [@riyazwalikar](https://blog.appsecco.com/@riyazwalikar).
- Cracking Java’s RNG for CSRF - Javax Faces and Why CSRF Token Randomness Matters - Written by [@rramgattie](https://blog.securityevaluators.com/@rramgattie).
- Exploiting CSRF on JSON endpoints with Flash and redirects - Written by [@riyazwalikar](https://blog.appsecco.com/@riyazwalikar).
- Cracking Java’s RNG for CSRF - Javax Faces and Why CSRF Token Randomness Matters - Written by [@rramgattie](https://blog.securityevaluators.com/@rramgattie).
- Exploiting CSRF on JSON endpoints with Flash and redirects - Written by [@riyazwalikar](https://blog.appsecco.com/@riyazwalikar).
- Cracking Java’s RNG for CSRF - Javax Faces and Why CSRF Token Randomness Matters - Written by [@rramgattie](https://blog.securityevaluators.com/@rramgattie).
- Exploiting CSRF on JSON endpoints with Flash and redirects - Written by [@riyazwalikar](https://blog.appsecco.com/@riyazwalikar).
- Cracking Java’s RNG for CSRF - Javax Faces and Why CSRF Token Randomness Matters - Written by [@rramgattie](https://blog.securityevaluators.com/@rramgattie).
- Exploiting CSRF on JSON endpoints with Flash and redirects - Written by [@riyazwalikar](https://blog.appsecco.com/@riyazwalikar).
- Cracking Java’s RNG for CSRF - Javax Faces and Why CSRF Token Randomness Matters - Written by [@rramgattie](https://blog.securityevaluators.com/@rramgattie).
- Exploiting CSRF on JSON endpoints with Flash and redirects - Written by [@riyazwalikar](https://blog.appsecco.com/@riyazwalikar).
- Cracking Java’s RNG for CSRF - Javax Faces and Why CSRF Token Randomness Matters - Written by [@rramgattie](https://blog.securityevaluators.com/@rramgattie).
- Exploiting CSRF on JSON endpoints with Flash and redirects - Written by [@riyazwalikar](https://blog.appsecco.com/@riyazwalikar).
- Cracking Java’s RNG for CSRF - Javax Faces and Why CSRF Token Randomness Matters - Written by [@rramgattie](https://blog.securityevaluators.com/@rramgattie).
- Exploiting CSRF on JSON endpoints with Flash and redirects - Written by [@riyazwalikar](https://blog.appsecco.com/@riyazwalikar).
- Cracking Java’s RNG for CSRF - Javax Faces and Why CSRF Token Randomness Matters - Written by [@rramgattie](https://blog.securityevaluators.com/@rramgattie).
- Exploiting CSRF on JSON endpoints with Flash and redirects - Written by [@riyazwalikar](https://blog.appsecco.com/@riyazwalikar).
- Cracking Java’s RNG for CSRF - Javax Faces and Why CSRF Token Randomness Matters - Written by [@rramgattie](https://blog.securityevaluators.com/@rramgattie).
- Exploiting CSRF on JSON endpoints with Flash and redirects - Written by [@riyazwalikar](https://blog.appsecco.com/@riyazwalikar).
- Cracking Java’s RNG for CSRF - Javax Faces and Why CSRF Token Randomness Matters - Written by [@rramgattie](https://blog.securityevaluators.com/@rramgattie).
- Exploiting CSRF on JSON endpoints with Flash and redirects - Written by [@riyazwalikar](https://blog.appsecco.com/@riyazwalikar).
- Cracking Java’s RNG for CSRF - Javax Faces and Why CSRF Token Randomness Matters - Written by [@rramgattie](https://blog.securityevaluators.com/@rramgattie).
- Exploiting CSRF on JSON endpoints with Flash and redirects - Written by [@riyazwalikar](https://blog.appsecco.com/@riyazwalikar).
- Cracking Java’s RNG for CSRF - Javax Faces and Why CSRF Token Randomness Matters - Written by [@rramgattie](https://blog.securityevaluators.com/@rramgattie).
- Exploiting CSRF on JSON endpoints with Flash and redirects - Written by [@riyazwalikar](https://blog.appsecco.com/@riyazwalikar).
- Cracking Java’s RNG for CSRF - Javax Faces and Why CSRF Token Randomness Matters - Written by [@rramgattie](https://blog.securityevaluators.com/@rramgattie).
- Exploiting CSRF on JSON endpoints with Flash and redirects - Written by [@riyazwalikar](https://blog.appsecco.com/@riyazwalikar).
- Cracking Java’s RNG for CSRF - Javax Faces and Why CSRF Token Randomness Matters - Written by [@rramgattie](https://blog.securityevaluators.com/@rramgattie).
- Exploiting CSRF on JSON endpoints with Flash and redirects - Written by [@riyazwalikar](https://blog.appsecco.com/@riyazwalikar).
- Cracking Java’s RNG for CSRF - Javax Faces and Why CSRF Token Randomness Matters - Written by [@rramgattie](https://blog.securityevaluators.com/@rramgattie).
- Exploiting CSRF on JSON endpoints with Flash and redirects - Written by [@riyazwalikar](https://blog.appsecco.com/@riyazwalikar).
- Cracking Java’s RNG for CSRF - Javax Faces and Why CSRF Token Randomness Matters - Written by [@rramgattie](https://blog.securityevaluators.com/@rramgattie).
- Exploiting CSRF on JSON endpoints with Flash and redirects - Written by [@riyazwalikar](https://blog.appsecco.com/@riyazwalikar).
- Cracking Java’s RNG for CSRF - Javax Faces and Why CSRF Token Randomness Matters - Written by [@rramgattie](https://blog.securityevaluators.com/@rramgattie).
- Exploiting CSRF on JSON endpoints with Flash and redirects - Written by [@riyazwalikar](https://blog.appsecco.com/@riyazwalikar).
- Cracking Java’s RNG for CSRF - Javax Faces and Why CSRF Token Randomness Matters - Written by [@rramgattie](https://blog.securityevaluators.com/@rramgattie).
- Exploiting CSRF on JSON endpoints with Flash and redirects - Written by [@riyazwalikar](https://blog.appsecco.com/@riyazwalikar).
- Cracking Java’s RNG for CSRF - Javax Faces and Why CSRF Token Randomness Matters - Written by [@rramgattie](https://blog.securityevaluators.com/@rramgattie).
- Exploiting CSRF on JSON endpoints with Flash and redirects - Written by [@riyazwalikar](https://blog.appsecco.com/@riyazwalikar).
- Cracking Java’s RNG for CSRF - Javax Faces and Why CSRF Token Randomness Matters - Written by [@rramgattie](https://blog.securityevaluators.com/@rramgattie).
- Exploiting CSRF on JSON endpoints with Flash and redirects - Written by [@riyazwalikar](https://blog.appsecco.com/@riyazwalikar).
- Cracking Java’s RNG for CSRF - Javax Faces and Why CSRF Token Randomness Matters - Written by [@rramgattie](https://blog.securityevaluators.com/@rramgattie).
- Exploiting CSRF on JSON endpoints with Flash and redirects - Written by [@riyazwalikar](https://blog.appsecco.com/@riyazwalikar).
- Cracking Java’s RNG for CSRF - Javax Faces and Why CSRF Token Randomness Matters - Written by [@rramgattie](https://blog.securityevaluators.com/@rramgattie).
- Stealing CSRF tokens with CSS injection (without iFrames) - Written by [@dxa4481](https://github.com/dxa4481).
-
NoSQL Injection
- GraphQL NoSQL Injection Through JSON Types - Written by [Pete](http://www.petecorey.com/work/).
-
XXE
- XML Out-Of-Band Data Retrieval - Written by Timur Yunusov and Alexey Osipov.
- XXE OOB exploitation at Java 1.7+ (2014) - Written by [Ivan Novikov](https://twitter.com/d0znpp/).
- Evil XML with two encodings - Written by [Arseniy Sharoglazov](https://mohemiv.com/).
- XXE in WeChat Pay Sdk ( WeChat leave a backdoor on merchant websites) - Written by [Rose Jackcode](https://twitter.com/codeshtool).
- XXE OOB extracting via HTTP+FTP using single opened port - Written by [skavans](https://skavans.ru/).
- What You Didn't Know About XML External Entities Attacks - Written by [Timothy D. Morgan](https://twitter.com/ecbftw).
- Pre-authentication XXE vulnerability in the Services Drupal module - Written by [Renaud Dubourguais](https://twitter.com/_m0bius).
- Exploiting XXE with local DTD files - Written by [Arseniy Sharoglazov](https://twitter.com/_mohemiv).
- Automating local DTD discovery for XXE exploitation - Written by [Philippe Arteau](https://twitter.com/h3xstream).
- Forcing XXE Reflection through Server Error Messages - Written by [Antti Rantasaari](https://blog.netspi.com/author/antti-rantasaari/).
-
Web Cache Poisoning
- Bypassing Web Cache Poisoning Countermeasures - Written by [@albinowax](https://twitter.com/albinowax).
- Cache poisoning and other dirty tricks - Written by [Wallarm](https://wallarm.com/).
-
URL
- Some Problems Of URLs - Written by [Chris Palmer](https://noncombatant.org/about/).
- Phishing with Unicode Domains - Written by [Xudong Zheng](https://www.xudongz.com/).
- Unicode Domains are bad and you should feel bad for supporting them - Written by [VRGSEC](https://www.vgrsec.com/).
- [dev.twitter.com - Written by [Sergey Bobrov](http://blog.blackfan.ru/).
-
Deserialization
- ASP.NET resource files (.RESX) and deserialisation issues - Written by [@irsdl](https://twitter.com/irsdl).
-
OAuth
- Facebook OAuth Framework Vulnerability - Written by [@AmolBaikar](https://twitter.com/AmolBaikar).
-
Others
- How I hacked Google’s bug tracking system itself for $15,600 in bounties - Written by [@alex.birsan](https://medium.com/@alex.birsan).
- Some Tricks From My Secret Group - Written by [phithon](https://www.leavesongs.com/).
- Inducing DNS Leaks in Onion Web Services - Written by [@epidemics-scepticism](https://github.com/epidemics-scepticism).
- Stored XSS, and SSRF in Google using the Dataset Publishing Language - Written by [@signalchaos](https://twitter.com/signalchaos).
-
FTP Injection
- XXE OOB exploitation at Java 1.7+ - Written by [Ivan Novikov](http://lab.onsec.ru/).
-
-
Cheatsheets
-
Database
- XSS Cheat Sheet - 2018 Edition - Written by [@brutelogic](https://twitter.com/brutelogic).
- Capture the Flag CheatSheet - Written by [@uppusaikiran](https://github.com/uppusaikiran).
-
-
Blogs
-
Others
- Orange - Taiwan's talented web penetrator.
- leavesongs - China's talented web penetrator.
- James Kettle - Head of Research at [PortSwigger Web Security](https://portswigger.net/).
- Broken Browser - Fun with Browser Vulnerabilities.
- Scrutiny - Internet Security through Web Browsers by Dhiraj Mishra.
- BRETT BUERHAUS - Vulnerability disclosures and rambles on application security.
- n0tr00t - ~# n0tr00t Security Team.
- OpnSec - Open Mind Security!
- 0Day Labs - Awesome bug-bounty and challenges writeups.
- Blog of Osanda - Security Researching and Reverse Engineering.
- RIPS Technologies - Write-ups for PHP vulnerabilities.
-
-
Community
-
ModSecurity / OWASP ModSecurity Core Rule Set
-