Hi friends,its been long time since i have't posted some thing so here is some thing that will help you for sure.There are many people out there/students who ask me lot of time i want to learn this security stuff from where i should start.

again let me clearly tell you this web site contains many link pick any one that will be help full to i am making some structured urls from which you can easily learn many things .remember these are all for technical purpose only :).

so here we go for Web application security part.
Learn the fundamental/primary attacks.

-XSS(cross site scripting )

  • Beginners tutorial on XSS :See this link
  • Google XSS learning Tutorials: See this link
  • Advance attacks bypass XSS Filters/IDS:See this book

    -CSRF(Cross Site request Forgery)

    Many beginner find this slight difficult to understand so here below link for simple explanation.
  • How to find CSRF and Preventing Download this book
  • exploiting/attacking with CSRF Vulnerability See this link

    -SQL Injection

  • Introduction to SQL Injection error based sqli: See this link
  • MSSQL Injection Complete Tutorial- See this link
  • Everything you wanted to know about SQL injection - See this link

    Remote Code/Command Execution

  • How to find RCE in scripts (with examples)- See this link
  • Yahoo vulnerability LFI Converted to RCE (patched)- See this link
  • Remote Code Execution in Elasticsearch - CVE-2015-1427 Deep research See this link

    XML external entity attack

  • How to detect XXE - See this link
  • XML Out-Of-Band Data Retrieval research Black Hat 2013 - Download PDF
  • SSRF vs. Business-critical applications: XXE tunneling in SAP - Download PDF
  • What you didn’t know about XXE - Download PDF

    Other few popular attacks on web application

  • Server side request forgery Attacks - Slides
  • Cross Site Port Attacks - BY Riyaz
  • Hunting for Top Bounties - YouTube link
  • How to steal and modify data using Business Logic flaws - Slides Security for developers
  • Exploiting CVE-2011-2461 on - See the link
  • PentesterLab - - PentesterLab provides vulnerable systems that can be used to test and understand vulnerabilities. (thanks @n0x00)
  • InjectX to find XSS - See the link thanks @1N3

    Of Course there exist bugs in mobile application too so if you are interested on that you will definitely find the link more likable

    Android Security learning

  • Debugging Java Applications Using JDB - See the link to learn
  • Learn android security testing - From Srinivas

    iOS application testing

  • Setting Up a Mobile Pentesting Platform - Infosec Link
  • iOS Application Security -By Prateek Gianchandani

    For Advance security researchers you can follow the VULNHUB It s grate source of learning.

    Another important website for learning is infosecinstitute that is great place for all type of learner.
    Security Articles
    Security ebook
    Lab For practice

    Please do comment if you have more useful link and thanks have a nice day keep learning :)
  • Post a Comment

    Feel Free To Ask Your Query we Love To Answer