Tlopasha/web-security-learning-resources

This repository contains list of web security related resources that you can use to gain new skills and extend knowledge

web-security-learning-resources

This repository contains list of web security related resources that you can use to gain new skills and extend knowledge

Content

• Awesome web security lists
• Books
• Certifications
• Cheat sheets
• Learning Platforms
• OWASP Resources
• Tools

Awesome Web Security lists

• awesome-web-security
• awesome-web-hacking
• awesome-bugbounty-writeups
• awesome-shodan-queries
• Awesome Asset Discovery
• static-analysis
• AWAE-Prep
• 31-day-of-api-security-tips
• XSS-payload-list
• awesome-security web part
• awesome-nodejs-security
• api-security-best-practises
• resources-for-beginner-bug-bounty-hackers
• awesome-ruby-security
• the-book-of-secret-knowledge
• awesome-osint
• my-arsenal-of-web-security-tools
• PayloadAllTheThings
• SecLists
• nginx-admins-handbook
• nodejs-best-practises
• HackTricks Web Pentesting
• pentest-tools

Books

• Web Hacking 101
• The Web Application Hacker's Handbook
• Web Application Security: Exploitation and Countermeasures for Modern Web Applications
• Web Security For Developers: Real Threats, Practical Defense
• Real-World Bug Hunting: A Field Guide to Web Hacking
• Web Application Security, A Beginner's Guide
• OpenSSL Cookbook
• Metasploit Unleashed
• Crypto 101

Certifications

• OSWE
• OSWA
• eWPT
• eWPTX
• eWDP
• GWAPT
• BSCP
• HTB CBBH

Cheat sheets

• Complete list

Learning platforms

• TryHackMe
  • Web labs
  • Web Fundamentals path
• PentesterLab
• Web Security Academy
• INE
  • Web Application Penetration Testing Professional
  • Advanced Web Application Penetration Testing
  • Web Defense Professional
• Offensive Security
  • Advanced Web Attacks and Exploitation
  • Web Attacks with Kali Linux
• HackTheBox
  • Web challenges
  • Web requests
  • JavaScript deobfuscation
  • Hacking Wordpress
  • File Inclusion/Directory Traversal
  • SQL Injection Fundamentals
  • Command Injection
  • Attacking Web Applications with Ffuf
  • Login bruteforcing
  • SQLMap Essentials
  • Introduction to Web Applications
• RootMe
  • Web-Client
  • Web-Server
• HackThisSite
• Hack.me
• Hacker 101
• PentesterAcademy
  • Python for pentesters
  • Javascript For Pentesters
  • WAP Challenges
  • Web Application Pentesting
• Cybrary
  • Web Security labs and assessments
• SANS
  • SEC522: Defending Web Applications Security Essentials
  • SEC542: Web App Penetration Testing and Ethical Hacking
  • SEC642: Advanced Web App Penetration Testing, Ethical Hacking, and Exploitation Techniques

OWASP Resources

• WSTG
• OWASP Top 10
• OWASP API Security Top 10
• Cheat Sheet Series
• OWASP-Testing-Checklist
• OWASP Projects list
• OWASP VWAD
• Security-Shepherd
• Juice Shop

Tools

• arachni
• Archery
• aws-enumerator
• beef
• brakeman
• Burp Suite
  • awesome-burp-extensions
  • burp-rest-api
  • burpa
  • Burp Suite Training
  • headless-burp
  • Burp documentation
  • Port Swigger blog
  • Web Hacking with Burp Suite
• cartography
• client-side-prototype-pollution
• csp-evaluator
• CyberChef
• dependency-track
• detect-secrets
• DOMPurify
• EyeWitness
• FinalRecon
• git leaks
• Hetty
• HostHunter
• HUNT
• JSShell
• jwt-tool
• jwtXploiter
• LeakLooker
• LinkFinder
• nikto
• nmap
• nosqlmap
• OWASP ZAP
  • Documentation
  • Blog
  • Videos
  • zap-community-scripts
  • zap-hud
  • zap-cli
  • zap-extensions
  • autowasp
• pentest-tools
• rapidscan
• S3Scanner
• semgrep
  • Documentation
  • Playground
  • Semgrep: a lightweight static analysis tool for security consultant and hackers
• SecretFinder
• Sn1per
• Snyk
• SonarQube
  • Documentation
  • Community
  • Step-by-step guide
  • SonarQube scanning in 15 minutes
• SonarSearch
• sqlmap
• Sublist3r
• w3af
• wappalyzer
• Wfuzz
• WhatWaf
• XSStrike