Web Security

A bunch of resources specifically on web testing & exploitation.

See also Recon.

Vulnerabilities

• XXE

Testing

Guides/Books

• OWASP Testing Guide v4
• Web Application Hacker’s Handbook

Courses

• Web Security Academy

Checklists

• WAHH Checklist - Testing Checklist from the Web Application Hacker’s Handbook

Tool Cheatsheets

• Burp Suite
• BeEF
• SQLMap

Tools

• autochrome - NCC Group tool to build pre-configured Chromium for proxy
• aquatone - Build HTTP report of screenshots of targets