This repository contains a collection of resources and information related to web security vulnerabilities and testing techniques. It covers various topics, including Broken Access Control, CORS, CSRF, Clickjacking, Deserialization, Directory Traversal, HTTP Request Smuggling, IDOR, One-Liners For Testing Web Applications, Open Redirects, RCE 101, Recon 101, SQL Injection (SQLi), Server-Side Request Forgery (SSRF), Server-Side Template Injection (SSTI), Secrets in .git, Cross-Site Scripting (XSS), and XML External Entity (XXE) attacks.
If you are new to web security and want to learn about various vulnerabilities or testing techniques, you can explore the directories in this repository. Each directory covers a specific topic, and you'll find relevant information and resources inside.
Here's a brief overview of the vulnerabilities covered in this repository:
- Broken Access Control
- CORS
- Cross-Site Request Forgery (CSRF)
- Clickjacking
- Deserialization
- Directory Traversal
- HTTP Request Smuggling
- Insecure Direct Object References (IDOR)
- One-Liners For Testing Web Applications
- Open Redirects
- Remote Code Execution (RCE)
- Reconnaissance Techniques (Recon 101)
- SQL Injection (SQLi)
- Server-Side Request Forgery (SSRF)
- Server-Side Template Injection (SSTI)
- Secrets in .git
- Cross-Site Scripting (XSS)
- XML External Entity (XXE) Attacks
Please visit the corresponding directories to learn more about each topic.
If you have additional resources, examples, or information related to any of the vulnerabilities listed, you are welcome to contribute to this repository. Follow the guidelines in the individual README.md files within each directory on how to contribute.
For more resources on web security and bug hunting, you can check out the following:
This repository is provided under the MIT License.
Feel free to explore, learn, and contribute to make the web a more secure place!
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent