Penetration Testing, Beginners To Expert!
• Phase 1 – History;
• Phase 2 – Web and Server Technology;
• Phase 3 – Setting up the lab with BurpSuite and bWAPP;
• Phase 4 – Mapping the application and attack surface;
• Phase 5 – Understanding and exploiting OWASP top 10 vulnerabilities;
• Phase 6 – Session management testing;
• Phase 7 – Bypassing client-side controls;
• Phase 8 – Attacking authentication/login;
• Phase 9 – Attacking access controls (IDOR, Priv esc, hidden files and directories);
• Phase 10 – Attacking Input validations (All injections, XSS and misc);
• Phase 11 – Generating and testing error codes;
• Phase 12 – Weak cryptography testing;
• Phase 13 – Business logic vulnerability.
https://github.com/xalgord/Massive-Web-Application-Penetration-Testing-Bug-Bounty-Notes
A comprehensive guide for web application penetration testing and bug bounty hunting, covering methodologies, tools, and resources for identifying and exploiting vulnerabilities. - xalgord/Massive-...
Testing JavaScript files for bug bounty hunters
https://www.intigriti.com/researchers/blog/hacking-tools/testing-javascript-files-for-bug-bounty-hunters
You've with no doubt heard or seen other fellow bug bounty hunters find critical vulnerabilities thanks to JavaScript file enumeration, right? This article is all about the importance of testing and e...
💠 Web Application Basics: The foundation of Modern Internet
🔗 https://hacklido.com/blog/966-web-application-basics-the-foundation-of-modern-internet
Web applications are essential to the modern internet, providing the backbone for many services we use daily. Understanding the basics of web applicati...
💠 Understanding HTTP: The Language of the Web
🔗 https://hacklido.com/blog/965-understanding-http-the-language-of-the-web
This will be the start of our new blog series. I am planning to keep it simple, and we will call this the Web Application Pentesting series. Websites and APIs...
🔊 100 tools every Web Pentester must know
Burp Suite
OWASP ZAP
Metasploit Framework
sqlmap
Nmap
Dirbuster
WPScan
Arachni
BeEF
Hydra
XSSer
Sqlninja
Cain and Abel
Netcat
THC Hydra
Nikto
Skipfish
Vega
sqlsus
John the Ripper
THC-SSL-DOS
Sublist3r
Wfuzz
Shodan
Fiddler
sqlmapgui
Wapiti
Yersinia
Tamper Data
WebScarab
Paros
SQL Inject Me
Acunetix
Nessus
Grendel-Scan
Ratproxy
IronWASP
Websecurify
Zed Attack Proxy
Zenmap
NoSQLMap
ODAT
X-Forwarded-For Spoofer
WebSlayer
w3af
Maltego
WPScan Desktop
WP-Scan Vulnerability Database
BruteForcer
JoomScan
Joomfish Scanner
WP Security Audit Log
JoomlaScan
CMSmap
Vega Vulnerability Scanner
Skipfish Web Application Security Scanner
Grabber
DAVScan
bbqsql
Scrawlr
Cewl
Wapiti Web Application Vulnerability Scanner
XssPy
RIPS
Zenmap
WPScan
Arachni
OWASP ZAP
Sqlmap
Nessus
Kali Linux
Acunetix Web Vulnerability Scanner
Nmap
Vega
Metasploit Framework
Hydra
Burp Suite
Nikto
Zed Attack Proxy
Grendel-Scan
Skipfish
Arachni
Wfuzz
Dirbuster
Sqlninja
NoSQLMap
OWASP Mantra
WP-Scanner
XSSer
Metagoofil
Brutus
RainbowCrack
THC-Hydra
Medusa
THC-SSL-DOS
OpenVAS
WP-Scan Vulnerability Database
WPScan Desktop
LFI Suite
XssPy