cybersecurity Library

CtrlK

Blogs & Write-ups

whoami
Networking
Binary Exploitation & Reverse Engineering
Operating System
Windows Server & Security
RedTeam
Popular Sites
intel x86 Assembly
General IT
Web application Security
Mobile application Security
Blue Team
Linux
Computer Science
Tools
Cryptography

Powered by GitBook

On this page

Web application Security

TUTORIALS

https://xsleaks.dev/ https://www.hacker101.com/playlists/web_hacking https://ctf.hacker101.com/ https://www.hacker101.com/resources https://developer.mozilla.org/en-US/docs/Web/Security https://web.dev/explore/secure important! it teaches all about cookies and stuff https://tls13.xargs.org/ TLS illustration https://ja3.zone/check https://ciphersuite.info/ https://badssl.com/

ARTICLES https://web.dev/articles/samesite-cookies-explained https://ejj.io/misconfigured-cors https://developers.google.com/search/blog/2020/01/get-ready-for-new-samesitenone-secure https://web.dev/articles/samesite-cookies-explained https://httptoolkit.com/blog/ https://security.lauritz-holtmann.de/ https://aszx87410.github.io/beyond-xss/en/ https://brutelogic.com.br/blog/ https://aszx87410.github.io/beyond-xss/en/ https://jameskettle.com/#inspiration

API SECURITY https://owasp.org/API-Security/editions/2023/en/0x00-header/

OWASP https://cheatsheetseries.owasp.org/ https://owasp.org/www-project-top-ten/ https://owasp.org/www-project-web-security-testing-guide/stable https://owasp.org/www-community/attacks/

TOOLS https://portswigger.net/web-security/cross-site-scripting/cheat-sheet https://bgp.he.net/irr/as-set/AS-INFO https://public-firing-range.appspot.com https://github.com/payloadbox/xss-payload-list https://portswigger.net/web-security/ssrf/url-validation-bypass-cheat-sheet https://github.com/vavkamil/awesome-bugbounty-tools

PORTSWIGGER HAS A BIG TUTORIALS ON ALL THE TOPICS INCLUDING LABS https://portswigger.net/web-security/all-materials/detailed https://portswigger.net/web-security/all-labs

https://docs.cycubix.com https://sites.google.com/view/pentesting101 TLS fingerprinting: https://engineering.salesforce.com/tls-fingerprinting-with-ja3-and-ja3s-247362855967 HOW BROWSERS WORK AND HEADERS: https://security.stackexchange.com/questions/8264/why-is-the-same-origin-policy-so-important for whole web dev concepts: https://developer.mozilla.org/en-US

all http headers: https://http.dev/headers

web sockets: https://www.youtube.com/watch?v=JEGSGWjBVBM&ab_channel=AllHackingCons

Third party cookies and tracking: https://www.youtube.com/watch?v=GCsrSaqx6UM&ab_channel=CookieYes read rfc specification for http versions: https://ably.com/topic/http-2-vs-http-3 https://ably.com/topic/http3 https://ably.com/topic/http2 videos identity access management: https://www.youtube.com/watch?v=Tcvsefz5DmA&ab_channel=VMwareEnd-UserComputing https://www.youtube.com/watch?v=SvppXbpv-5k&ab_channel=VMwareEnd-UserComputing https://www.youtube.com/watch?v=rTzlF-U9Y6Y&ab_channel=VMwareEnd-UserComputing

OAUTH 2.0: https://www.youtube.com/watch?v=996OiexHze0&ab_channel=OktaDev

PreviousGeneral IT NextMobile application Security

Last updated 5 days ago