Hi friends,its been long time since i have't posted some thing so here is some thing that will help you for sure.There are many people out there/students who ask me lot of time i want to learn this security stuff from where i should start.
again let me clearly tell you this web site contains many link pick any one that will be help full to you.now i am making some structured urls from which you can easily learn many things .remember these are all for technical purpose only :).
so here we go for Web application security part.
Learn the fundamental/primary attacks.
-XSS(cross site scripting )
Beginners tutorial on XSS :See this link
Google XSS learning Tutorials: See this link
Advance attacks bypass XSS Filters/IDS:See this book
-CSRF(Cross Site request Forgery)
Many beginner find this slight difficult to understand so here below link for simple explanation.
How to find CSRF and Preventing Download this book
exploiting/attacking with CSRF Vulnerability See this link
Introduction to SQL Injection error based sqli: See this link
MSSQL Injection Complete Tutorial- See this link
Everything you wanted to know about SQL injection - See this link
Remote Code/Command Execution
How to find RCE in scripts (with examples)- See this link
Yahoo vulnerability LFI Converted to RCE (patched)- See this link
Remote Code Execution in Elasticsearch - CVE-2015-1427 Deep research See this link
XML external entity attack
How to detect XXE - See this link
XML Out-Of-Band Data Retrieval research Black Hat 2013 - Download PDF
SSRF vs. Business-critical applications: XXE tunneling in SAP - Download PDF
What you didn’t know about XXE - Download PDF
Other few popular attacks on web application
Server side request forgery Attacks - Slides
Cross Site Port Attacks - BY Riyaz
Hunting for Top Bounties - YouTube link
How to steal and modify data using Business Logic flaws - Slides Security for developers
Exploiting CVE-2011-2461 on google.com - See the link
PentesterLab - - PentesterLab provides vulnerable systems that can be used to test and understand vulnerabilities. (thanks @n0x00)
InjectX to find XSS - See the link thanks @1N3
Of Course there exist bugs in mobile application too so if you are interested on that you will definitely find the link more likable
Android Security learning
Debugging Java Applications Using JDB - See the link to learn
Learn android security testing - From Srinivas
iOS application testing
Setting Up a Mobile Pentesting Platform - Infosec Link
iOS Application Security -By Prateek Gianchandani
For Advance security researchers you can follow the VULNHUB It s grate source of learning.
Another important website for learning is infosecinstitute that is great place for all type of learner.
Lab For practice
Please do comment if you have more useful link and thanks have a nice day keep learning :)
Post a Comment
Feel Free To Ask Your Query we Love To Answer