Security Workbook on Pentesting
Web-App Pentest
Web Application Pentesting MindMaps
Web App Pentest (MindMeister)
Web Application Security (MindMeister)
Some useful resources that are updated regularly
GitHub - KathanP19/HowToHunt: Tutorials and Things to Do while Hunting Vulnerability.
GitHub - swisskyrepo/PayloadsAllTheThings: A list of useful payloads and bypass for Web Application Security and Pentest/CTF
Collection Of Bug Bounty Tip-Will Be updated daily (Medium)
Last modified 6mo ago