This list is for anyone wishing to learn about web application security who does not have a starting point. You can help by sending Pull Requests to add more information. If you’re not inclined to make PRs, you can tweet me at @infoslack.
Category Archives: Web Application Analysis
GoAccess : A Comprehensive Guide To Real-Time Web Log Analysis And Visualization
GoAccess is an open source real-time web log analyzer and interactive viewer that runs in a terminal on *nix systems or through your browser. It provides fast and valuable HTTP statistics for system administrators that require a visual server report on the fly. Features: GoAccess parses the specified web log file and outputs the data to the X terminal. Features include: Nearly …
X-Recon : Mastering XSS Vulnerability Scanning And Web Reconnaissance
A sophisticated tool designed for web application security enthusiasts. This utility specializes in identifying web page inputs and performing comprehensive XSS scanning. Whether you’re looking to uncover subdomains, analyze forms, or test for XSS vulnerabilities, X-Recon provides all the necessary functionalities to enhance your security testing efforts. Features: Note: The scanning functionality is currently inactive …
WEB-Wordlist-Generator : Strengthening Your Web Application’s Defense Against Cyber Threats
In the digital age, securing web applications against cyber attacks is paramount. The WEB-Wordlist-Generator emerges as a crucial tool, designed to scan web applications and generate targeted wordlists. This allows for proactive measures to be taken, enhancing security and preventing potential breaches. With its easy installation and versatile usage options, it’s a must-have in any …
CakeFuzzer – Vulnerability Detection for CakePHP
Cake Fuzzer is a project meant to help automatically and continuously discover vulnerabilities in web applications built on specific frameworks, with very limited false positives. Currently it is implemented to support the CakePHP framework. If you would like to learn more about the research process, check out this article series: CakePHP Application …
Clairvoyance – Unmasking Hidden GraphQL Schemas
Clairvoyance is a game-changer for GraphQL API developers. This tool gets the GraphQL API schema from sites where introspection is turned off and displays it in a user-friendly JSON format. Learn how to install it, how to use it in more advanced ways, and how to get help from a dedicated team of contributors. You’ll …
Burp Suite Tutorial – A Web Application Penetration Testing Tool – Beginners Guide
In this Burp Suite Tutorial, we describe in detail the Burp Suite tool and its features, which are bundled in a single suite made for Web Application Security assessment as well as Penetration testing. It’s a Java executable and hence it’s cross-platform. Kali Linux comes with Burp Suite free edition installed. There is …
Whatweb – A Scanning Tool to Find Security Vulnerabilities in Web App
Whatweb is the perfect name for this tool. It simply answers the question, “What is that Website?” Whatweb can identify all sorts of information about a live website, like: Whatweb offers both passive scanning and aggressive testing. Passive scanning just extracts data from HTTP headers simulating a normal visit. Aggressive options get deeper with recursion …
The Ultimate Guide to Web Testing: Types and Key Areas
This guide is a web security testing bible that will help you with web safety. It includes a number of different web security testing strategies and types of web security testing. You’ll learn how to test for vulnerabilities in your website, what the web looks like from an attacker’s perspective, and what you can do …
The Definitive Guide to Web Security Testing: Vulnerabilities and Password Management
Many web developers neglect web security testing. However, it is a crucial part of the web development process because web security testing can identify vulnerabilities that may be missed during other stages. Once these web security holes are identified, they can be patched before hackers exploit them. In this guide, …