Web

Resources

Articles

• Brainfuck beware: JavaScript is after you! - Patricio Palladino

• CSRF, CORS, and HTTP Security headers Demystified - Varun Naik

• Hacking JWT Tokens: The None Algorithm - Shivam Bathla

GitHub Repositories

• A practical security guide for web developers

• Awesome Web Hacking

• Damn Vulnerable Web Application

• JavaScript Security Cookbook

• OWASP Web Application Security Testing Checklist

• phpbash - A semi-interactive PHP shell compressed into a single file

Tools

JSON Web Tokens

• JWT Debugger

• jwt.io

Online Malware Detection

• MetaDefender Cloud

• VirusTotal

Websites

• abuse.ch - Fighting malware and botnets

  • Feodo Tracker - sharing C&C servers

  • MalwareBazaar - Malware sample exchange

  • SSL Blacklist - Detecting malicious SSL connections

  • ThreatFox - Share Indicators of Compromise

  • URLhaus - Malware URL exchange

  • YARAify - YARA scan engine

• bWAPP - a buggy web application

• Cisco Talos Intelligence - comprehensive threat intelligence

• flAWS

• Hacking-Lab

• How HTTPS works

• JSFuck - Write any JavaScript with 6 Characters: []()!+

• Open Web Application Security Project (OWASP)

  • Cheat Sheets

  • Juice Shop

  • Vulnerable Web Applications Directory

  • WebGoat

• PentesterLab

• PhishTool

• The Illustrated TLS Connection

• urlscan.io - URL and website scanner

• Web Application Exploits and Defenses

• Web Security Academy - PortSwigger

• Webhacking.kr

• Websec

• XSS Game