
Web Application Penetration Testing




  1. OWASP Top 10 for 2010
  2. XSS Xposed (By Eberly)
  3. Cookie Stealing (Eberly)
  4. BASIC BLIND SQLI (wireless Punter)
  5. SQL INJECTION CHEAT SHEET (wireless Punter)
  6. Prevent XSS in PHP: OWASP (wireless Punter)
  7. HTTP RESPONSE SPLIT (wireless Punter)
  8. Web Hacking Toolkit--punter
  9. Vulnerable Web Applications To learn Web Application Testing Skills
  10. Detecting Web application firewall during Pentesting
  11. WhatWeb Next generation Webscanner
  12. Analyzing the Accuracy and Time Costs of Web Application Security Scanners
  13. DotDotPwn v1.0 Directory Traversal Scanner tool
  14. Find Websites Located on the Same Web Server
  15. Web Application Security Audit checklists
  16. Detecting and exploiting XSS injections using XSSer Tool
  17. [bash] URL Requester
  18. [bash] Web Parameter Fuzzer
  19. [online] PHPCharset Encoder
  20. Utf-7 xss
  21. TA-Mapper: An Application Penetration Testing Effort Estimator!
  22. SQL Injection Cheat Sheets
  23. XSS Cheat Sheets
  24. Bruteforcing directories and files names on Webapplication servers using DirBuster
  25. Encoded XSS Demo on Joomla! 1.5.20
  26. Finding Admin Panel or upload web shell in Website-Another Method or chance....
  27. contribute to WhatWeb
  28. inspathx | Path Disclosure Finder
  29. Top 10 Application Security Vulnerabilities in Web.config Files
  30. [whatweb] new plugins
  31. MySQL Blind SQL Cheat Sheets
  32. BSNL Home Routers - UTSTARCOM [UT300R2U]
  33. XSS & SQL Injection through Barcodes
  34. Breaking Browsers: Hacking Auto-Complete
  35. Watobo on BackTrack4-RC2
  36. Using SQLMap for sql Injection
  37. Web-Services-Security-Testing-Framework
  38. Threat modelling analysis
  39. Google Search CSRF
  40. some good stuff from Ed Skuodis, core security
  41. Web Application Security Timeline (WAST) v1.0
  42. Google Reward Bugs
  43. Top 10 Web Application attack 2010
  44. Text: Next-Generation Phishing Attack
  45. text: What XSS Can Do
  46. Text: Hunting For Backdoor Scripts
  47. Diagram: Ongoing Web Application Security Model (OWA-SM)
  48. Text: Neglected Facts About CSRF
  49. Text: Path Disclosure - What it does tell
  50. Tool: Inspathx Path Disclosure Finder
  51. [whatweb] New and updated Plugins Covering Network Devices
  52. [Tool] Tell-Me-Web | Automating WhatWeb from NMap Output
  53. [online-tool] Known Flash-based XSS and Content Spoofing Flaw Hunter
  54. [online-p0c-tool] Referer XSS Proof-of-Concept [IE6,7,8,..]
  55. Mantra Free and Open Source Security Framework
  56. How To prevent XSS attack??
  57. Normal Yahoo.com[Password Reset Page] Bug
  58. Add Your URL To Google [Bypass Of Google Captcha ]
  59. Oracle Web Hacking
  60. host-extract | IP/Host Pattern Extractor
  61. Flash Parameters Injection Attack in SWF files.
  62. OWASP Mobile Application Security Project
  63. Googleusercontent.com [XSS]
  64. Web Backdoor Shell Detection on Servers
  65. weevely: A Stealth Tiny PHP Backdoor!
  66. Enumerating old or backup files
  67. Google's DOM snitch helps flag web app vulns
  68. WS-Attacks.org - A good resource on web app flaws
  69. Browser Security Handbook
  70. WebCruiser - Web Vulnerability Scanner, SQL Injection Tool !
  71. Cross Domain Content Extraction attacks
  72. Imgur.com session hijacking
  73. Double Clickjacking
  74. White Paper : Automated Web application fingerprinting
  75. Backdoor Webserver using MySQL-SQL Injection
  76. Declarative Security - Browser Addons for Mozilla Firefox
  77. Google Groups Profile CSRF
  78. Web framework HTML escaping to mitigate XSS
  79. Mozilla Web Application Security Training
  80. The Harvester released: Information Gathering tool
  81. Logging httponly cookies?
  82. Bypassing Web Application Firewalls with SQLMap Tamper Scripts
  83. LFI with phpinfo Assistance
  84. Rapid Threat Modeling
  85. OWASP CTF - Wargame @ Confidence 2008
  86. Javascript Obfuscation Challenge.
  87. Using sqlmap for testing HTTPS sites
  88. Remove Google Books with Clickjacking
  89. Hijacking 2 clicks in Google Account
  90. Securitybyte Presentation => HTML5: Something wicked this way comes
  91. CSRF Attack
  92. Invisible arbitrary CSRF profile picture upload in Facebook
  93. Application Backdoors, Attack, Evasion and Detection.
  94. RCE to shell upload [CGI]
  95. LFI Bypassing Filter using [Base 64] encoding
  96. DOM based XSS prevention: Use createTextNode() instead of innerHTML
  97. SQL Injection Prevention Cheat Sheet
  98. http://anti-virus.cloudflare.com XSS(Cross Site Scripting) Vulnerability
  99. Know everything about HTML5
  100. OWASP HTML5 Security Cheat Sheet
  101. Death of XSS
  102. Using mail() for Remote Code Execution
  103. Exploitation of LDAP Injection and XPATH Injection - Lesser Known Injections
  104. Pwning Intranet with HTML5
  105. Burp Intruder Attack Types
  106. Web Application Testing Resources
  107. Web java injection
  108. Some Website XSS Vulnerable, Author Yogesh Kashyap
  109. Road to Web Application Security
  110. NULLs in entities in Firefox
  111. ClickJacking in a new way
  112. Make Profit with UI-Redressing Attacks
  113. w3af-fu: How-to test web applications with w3af
  114. Free eBook: OWASP Top 10 for .NET developers
  115. ClubHack preCON CTF Walkthrough
  116. Google Email Recovery Vulnerability (Removing Secondary E-mail Address -Self Exploit
  117. Found an Xss in subdomain of ibm.com
  118. webDAV service exploitation
  119. Silent web app testing + OWTF
  120. Twitter [Mobile] Account Settings Cross Site Scripting and Multiple Html Injection
  121. Collection of web application backdoors (web shells)
  122. Presentation: XML related Hacks
  123. Way2sms.com vulnerable to XSS
  124. Stefano Di Paola presenting DOM XSS at HackPra
  125. Hookworm: A Stealth PHP Backdoor - Analysis
  126. Evolution of Web Browsers and Client-side technologies
  127. IronWASP Beta version released
  128. SQL Injection in INSERT Query
  129. Xss through sqli ?
  130. List of Secure Coding Standards links
  131. Question : parametrized query are they totally safe.
  132. MySQL: Blind Injection steps - Manually
  133. Sqlmap plugin for BurpSuite
  134. Web Application Security Check List
  135. Mass Assignment Vulnerability
  136. Gmail XSS vulnerability through Content Sniffing
  137. Resources for Web Services Testing
  138. SQL Injection Resources
  139. Anatomy of an RFI/LFI Attack
  140. Presentation: Web Applications Pentesting
  141. PHP Stealth Backdoors
  142. Top 10 business logic attack vectors
  143. Web Application Hackers Toolchain
  144. Twitter Wipe Address Book CSRF Vulnerability
  145. About Admin
  146. Research Resources for MS SharePoint
  147. vulnerability when TRACE method is enable on web server
  148. SQLMap - Operating System Takeover - Windows
  149. XSS vulnerabilities in Symantec websites
  150. Google Account Password Reset Vulnerability using Mobile Sec Token [ClickJacking]
  151. Chrome PDF viewer "save as" vulnerability
  152. How to pentest Joomla, Drupal and WordPress
  153. [Exposed] Major Indian Shopping sites vulnerable to XSS
  154. Google Wallet CSRF
  155. Multiple Vulnerabilities with the Cisco Developer Network
  156. Zed Attack Proxy Translating
  157. Pentesting attacks
  158. Unusual XSS Payload
  159. Facebook 3rd Part App Installing Page UI Redressing Vulnerability
  160. Not only parameter values, but parameter names too
  161. script kiddie blocker
  162. Facebook CSRF worth USD 5000
  163. Facebook Clickjacking Attacks
  164. Google Website Translator Clickjacking Vulnerability
  165. SiliconIndia.com CSRF vulnerability
  166. Linkedin's Clickjacking & Open Url Redirection Vulnerabilities
  167. Google Fake XSS
  168. XSS Found in Jaguar,HERO motorcorp,Cardekho & MTV INDIA
  169. File upload bypassing techniques in web applications to upload shells
  170. <Complete>pentest standards</Complete>
  171. Content Smuggling
  172. POST based CSRF attack against Web Applications that use JSON RPC
  173. Carbylamine PHP Encoder
  174. Need Information of DOM Based XSS
  175. HTTP Parameter Pollution Vulnerability in Blogger.com (Now Fixed)
  176. Penetration testing of a web application using dangerous HTTP methods
  177. Flash XSS Cheat Sheet
  178. Resources for pentesting Java Thick Client Applications
  179. Quick and Dirty BurpSuite Tutorial
  180. Damn Vulnerable Web App
  181. SQL Injection Megaprimer [Video Series]
  182. TRACE method
  183. Havij Source Code
  184. Penetration Testing Vendor
  185. Wanna Increase Youtube views ?
  186. Blind SQL Injection in PayPal Notifications worth $3000
  187. Flash Cross Site Scripting[Help me!]
  188. Where to report security bugs and bug bounty rules ?
  189. Facebook Mobile Open Redirection Vulnerability
  190. Nonencapsulating Pseudo-Protocols -- browsers
  191. Hacking Web Services with Burp
  192. Paypal service Zong Update Credit Card & Billing Information CSRF
  193. File Uploading Issue in BillMeLater.com worth $5000
  194. Nokia bug bounty program details
  195. Using xss-protection and blocking/bypassing javascript code
  196. Stored XSS In Facebook Chat, Check In, Facebook Messenger
  197. Wapt
  198. xxe attack in javascript
  199. Change OAuth Target URL & Domain Description [ UI redress attack ]
  200. Google Website Translator (Add Editor) CSRF and Google Tasks (Add Task) Clickjacking
  201. Flash XSS in Summify.com (Twitter acquisition)
  202. OWASP Top Ten 2013
  203. Pwning Facebook accounts, taking a little help from Quora
  204. Found DoS vulnerability in one of the educational institution . What to do next ?
  205. Triggering an unexploitable DOM-based XSS in Rediff Blogs automagically
  206. Course Preview: The Art of Exploiting Injection Flaws
  207. Houston, we have an XSS at Garage
  208. Blind Sql injection Redbus.in [Responsible Disclosure]
  209. upload web shell
  210. PayPal CSRF: Change Primary Phone Number
  211. What kind of hash is this..?
  212. Anatomy of an XSS Attack
  213. PHP Code Auditing HELP!
  214. Interesting Vulnerability in express.bodyParser [Node.js]
  215. REST based Injection for web application penetration tests?
  216. Santa fun Web hacking challenge Level 1 [CTF]
  217. MOD Security Bypass
  218. HQL for pentesters
  219. Help in Time-based Blind SQLI
  220. UI redress attack on live.com (affected all pages).
  221. Bypassing CSRF protection that uses Refer and Source headers .
  222. Reverse Clickjacking
  223. [TUT][PICS] FROM having a Sqli or RCE Vulnerability TO Meterpreter SHELL [PICS][TUT]
  224. CppSqlInjector - C++ - Fastest Blind Sql Injection Tool - Linux and Windows - Free
  225. Facebook Custom Audiences OAuth 2.0 Redirect URI Bypass
  226. Online XSS challenges
  227. Reading Log Files in Postgresql Sql Injection - Tutorial
  228. prompt(1) to win XSS Challenge
  229. All Caps Attack Vector XSS
  230. Sql Injection in a Download PHP Script leading to LFI Tutorial
  231. XSS Bypass Encoding
  232. Garage4Hackers Nov XSS CTF 2014 Write-up
  233. G4H Nov CTF http://198.50.254.202 writeup
  234. Writeup on Garage4Hackers Xmas / Dec Web Challenge 2014
  235. DAws - Advanced Web Shell - Windows/Linux
  236. INSERT Statement Sql Injection - Advanced - Tutorial
  237. Pen-testing Pega?
  238. Commix : Automated All-in-One OS Command Injection and Exploitation Tool
  239. DAws - 22/5/2015
  240. Commix : Automated All-in-One OS Command Injection and Exploitation Tool
  241. Wordpress malware through backdoor?
  242. CVE-2015-2652 Unauthenticated File Upload in Oracle E-business Suite.
  243. Reporting vulnerabilities
  244. [Help] XSS + Sql injection?
  245. Daws - New Release - 5/12/2015
  246. Hi, I would like some help in advancing my skills.
  247. Exploiting site with LFI(Local File Inclusion) to Upload shell Tutorial-By Spirit
  248. Exploiting site with LFI(Local File Inclusion) to Upload shell Tutorial-By Spirit
  249. Exploiting site with LFI(Local File Inclusion) to Upload shell Tutorial-By Spirit
  250. Struts 2 Remote Code Execution CVE-2016-3081 POC