[!IMPORTANT]
My Web Pentest Training is accepted by Black Hat 2025 🎉🎉🎉 Please come and join the course with me 🤓

To celebrate this unforgettable moment (and sorry for not updating the repo since a while), I'll do a complete revamp of all the contents of this long-lasting repository in the coming weeks to catch up with the knowledge and tricks that have happened over these years.

Awesome Web Security

🐶 Curated list of Web Security materials and resources.

Needless to say, most websites suffer from various types of bugs which may eventually lead to vulnerabilities. Why would this happen so often? There can be many factors involved including misconfiguration, shortage of engineers' security skills, etc. To combat this, here is a curated list of Web Security materials and resources for learning cutting edge penetration techniques, and I highly encourage you to read this article "So you want to be a web security researcher?" first.Please read the contribution guidelines before contributing.🌈 Want to strengthen your penetration skills?
I would recommend playing some awesome-ctfs.If you enjoy this awesome list and would like to support it, check out my Patreon page :)
Also, don't forget to check out my repos 🐾 or say hi on my Twitter!Contents

Relative Path Overwrite

Sub Domain Enumeration

Remote Code Execution

OSINT
Sub Domain Enumeration

XSS
SQL Injection
Template Injection
XXE
CSRF
SSRF

Social Engineering Database

[!IMPORTANT]
My Web Pentest Training is accepted by Black Hat 2025 🎉🎉🎉 Please come and join the course with me 🤓

To celebrate this unforgettable moment (and sorry for not updating the repo since a while), I'll do a complete revamp of all the contents of this long-lasting repository in the coming weeks to catch up with the knowledge and tricks that have happened over these years.

Awesome Web Security

🐶 Curated list of Web Security materials and resources.

Please read the contribution guidelines before contributing.

🌈 Want to strengthen your penetration skills?
I would recommend playing some awesome-ctfs.

If you enjoy this awesome list and would like to support it, check out my Patreon page :)
Also, don't forget to check out my repos 🐾 or say hi on my Twitter!

Digests
Forums
Introduction
XSS
Prototype Pollution
CSV Injection
SQL Injection
Command Injection
ORM Injection
FTP Injection
XXE
CSRF
Clickjacking
SSRF
Web Cache Poisoning
Relative Path Overwrite
Open Redirect
SAML
Upload
Rails
AngularJS
ReactJS
SSL/TLS
Webmail
NFS
AWS
Azure
Fingerprint
Sub Domain Enumeration
Crypto
Web Shell
OSINT
DNS Rebinding
Deserialization
OAuth
JWT
Evasions
XXE
CSP
WAF
JSMVC
Authentication
Tricks
CSRF
Clickjacking
Remote Code Execution
XSS
SQL Injection
NoSQL Injection
FTP Injection
XXE
SSRF
Web Cache Poisoning
Header Injection
URL
Deserialization
OAuth
Others
Browser Exploitation
PoCs
Database
Cheetsheets
Tools
Auditing
Command Injection
Reconnaissance
- OSINT
- Sub Domain Enumeration
Code Generating
Fuzzing
Scanning
Penetration Testing
Leaking
Offensive
- XSS
- SQL Injection
- Template Injection
- XXE
- CSRF
- SSRF
Detecting
Preventing
Proxy
Webshell
Disassembler
Decompiler
DNS Rebinding
Others
Social Engineering Database
Blogs
Twitter Users
Practices
Application
AWS