articles.md

Not The Hidden Wiki

Learn Web Application Hacking


  1. How to Bypass WAF - link
  2. API Penetration Testing - link
  3. Persisting XSS With IFrame Traps - link
  4. AppSec Tales - link
  5. Allow arbitrary URLs, expect arbitrary code execution - link
  6. OWASP ASVS - link
  7. AppSec Tales XXIV | Deserialization - link
  8. Crimson - AppSec firearm I - link
  9. AppSec Tales XXI | NoSQLI - link
  10. AppSec Tales XXII | LDAPI - link
  11. AppSec Tales XXIII | XPathI - link
  12. AppSec Tales XVIII | Open Redirect - link
  13. AppSec Tales XIX | CRLF - link
  14. AppSec Tales XXE - link
  15. Unexploitable SSTI, huh? - link
  16. AppSec Tales XIV | SSTI - link
  17. AppSec Tales XV | Path Traversal - link
  18. AppSec Tales XVI | File Inclusion - link
  19. AppSec Tales XVII | SSRF - link
  20. AppSec Tales XI | Input Validation - link
  21. AppSec Tales XII | XSS - link
  22. Automating Google 2FA with Burp - link
  23. AppSec Tales XIII | SQLI - link
  24. Not usual CSP bypass case - link
  25. AppSec Tales IX | OAuth - link
  26. AppSec Tales X | SAML - link
  27. Crimson — AppSec firearm II - link
  28. Crimson — AppSec firearm III - link
  29. Crimson — AppSec firearm IV - link
  30. AppSec Tales VIII | JWT - link
  31. AppSec Tales II | Sign-in - link
  32. AppSec Tales III | Password Recovery - link
  33. AppSec Tales IV | Email Change - link
  34. AppSec Tales V | Pass Change - link
  35. AppSec Tales VI | 2FA - link
  36. AppSec Tales VII | ACCESS - link
  37. AppSec Tales I | Sign-up - link
  38. Automation of the reconnaissance phase during Web Application Penetration Testing I - link
  39. Automation of the reconnaissance phase during Web Application Penetration Testing II - link
  40. Automation of the reconnaissance phase during Web Application Penetration Testing III - link
  41. Notes about attacking Jenkins servers - link
  42. The cheat sheet about Java Deserialization vulnerabilities - link
  43. All about bug bounty (bypasses, payloads, and etc) - link
  44. A GitHub repository providing an extensive cheat sheet for advanced SQL Injection techniques - link
  45. Awesome API Security - link
  46. Anatomy Of A File Upload Attack - link
  47. 1001 ways to PWN prod - link
  48. Setting Up an Environment for Web Hacking - link
  49. Five easy ways to hack GraphQL targets - link
  50. Use case for account takeover - link