A map of AppSec service providers and solutions

SQLi Query Tampering extends and adds custom Payload Generator/Processor in Burp Suite's Intruder. This extension gives you the flexibility of manual testing with many powerful evasion tec...

On July 13 2021, a critical vulnerability was identified in WooCommerce. Learn more about what this means and how it was resolved.

Contribute to emadshanab/Acomplete-guide-to-dir-brute-force-admin-panel-and-API-endpoints development by creating an account on GitHub.

A fast tool to scan client-side prototype pollution vulnerability written in Rust. 🦀 - dwisiswant0/ppfuzz

Why use Burp Suite when OWASP ZAP does it all* without the paywall. Everything you do in Burp Community can be done just as well in ZAP.

Extract endpoints marked as disallow in robots files to generate wordlists. - Josue87/roboxtractor

🧐🧐When doing Source Code Review of Java Web Applications, grep these and try to understand if the input they receive can be controlled by an attacker 👇👇👇#BugBounty #bugbountytips #bugbountytip #infosec #Java #appsec

A Collection of Notes, Checklists, Writeups on Bug Bounty Hunting and Web Application Security. - HolyBugx/HolyTips

Go scripts for checking API key / access token validity - daffainfo/Key-Checker

github.com/Static-Flow/Re… This extension adds a search bar to Repeater tabs! You can search Requests, Responses, or both via simple string matching or Regex.

Don't mistake Server Side Template injection(SSTI) for XSS, could be missing out on an easy RCEs. Enter {{7*7}} instead of your XSS payload, if the response is "14" then you got SSTI not XSS. Any time you find XSS you should also check for SSTI. #BugBounty…

Purchase my Bug Bounty Course here 👉🏼 bugbounty.nahamsec.training

Buy Me Coffee:
https://www.buymeacoffee.com/nahamsec

Live Every Sunday on Twitch:
https://twitch.tv/nahamsec

Free $100 DigitalOcean Credit:
https://m.do.co/c/3236319b9d0b

Follow me on…