Web Security Learning

Content Index:

• 1. Prologue
  • 1.1. Web technology evolution
  • 1.2. Evolution of Network Attack and Defense Technology
  • 1.3. Network Security Concept
  • 1.4. Laws and Regulations
• 2. Computer Networks and Protocols
  • 2.1. Network Basics
  • 2.2. UDP protocol
  • 2.3. TCP protocol
  • 2.4. DHCP Protocol
  • 2.5. Routing algorithm
  • 2.6. Domain Name System
  • 2.7. HTTP protocol suite
  • 2.8. Mail protocol family
  • 2.9. SSL/TLS
  • 2.10. IPsec
  • 2.11. Wi-Fi
• 3. Information Collection
  • 3.1. Web Entry/Information
  • 3.2. Domain Name Information
  • 3.3. Port Information
  • 3.4. Site Information
  • 3.5. Search engine utilization
  • 3.6. Social Engineering
  • 3.7. Reference Links
• 4. Common vulnerability attack and defense
  • 4.1. SQL Injection
  • 4.2. XSS
  • 4.3. CSRF
  • 4.4. SSRF
  • 4.5. Command Injection
  • 4.6. Directory Traversal
  • 4.7. File reading
  • 4.8. File Upload
  • 4.9. File Include
  • 4.10. XXE
  • 4.11. Template Injection
  • 4.12. Xpath injection
  • 4.13. Logic Vulnerability / Business Vulnerability
  • 4.14. Configuration and Policy Security
  • 4.15. Middleware
  • 4.16. Web Cache Spoofing Attack
  • 4.17. HTTP Request Smuggling
• 5. Language and Framework
  • 5.1. PHP
  • 5.2. Python
  • 5.3. Java
  • 5.4. JavaScript
  • 5.5. Golang
  • 5.6. Ruby
  • 5.7. ASP
  • 5.8. PowerShell
  • 5.9. Shell
  • 5.10. CSharp
• 6. Intranet penetration
  • 6.1. Windows Intranet Penetration
  • 6.2. Linux Intranet Penetration
  • 6.3. Backdoor Technology
  • 6.4. General Skills
  • 6.5. Reference Links
• 7. Cloud Security
  • 7.1. Container Standards
  • 7.2. Docker
  • 7.3. Reference Links
• 8. Defense Technology
  • 8.1. Team building
  • 8.2. Red and blue confrontation
  • 8.3. Secure Development
  • 8.4. Safety Construction
  • 8.5. Threat Intelligence
  • 8.6. ATT&CK
  • 8.7. Risk Control
  • 8.8. Defense Framework
  • 8.9. Reinforcement check
  • 8.10. Intrusion Detection
  • 8.11. Zero Trust Security
  • 8.12. Honeypot technology
  • 8.13. RASP
  • 8.14. Emergency Response
  • 8.15. Traceability Analysis
• 9. Authentication Mechanism
  • 9.1. Multi-Factor Authentication
  • 9.2. SSO
  • 9.3. JWT
  • 9.4. OAuth
  • 9.5. SAML
  • 9.6. SCRAM
  • 9.7. Windows
  • 9.8. Kerberos
  • 9.9. NTLM Authentication
• 10. Tools and Resources
  • 10.1. Recommended Resources
  • 10.2. Related papers
  • 10.3. Information Collection
  • 10.4. Social Engineering
  • 10.5. Fuzzing
  • 10.6. Exploitation/Detection
  • 10.7. Near source penetration
  • 10.8. Web Persistence
  • 10.9. Lateral movement
  • 10.10. Cloud Security
  • 10.11. Operating System Persistence
  • 10.12. Audit Tools
  • 10.13. Defense
  • 10.14. Secure Development
  • 10.15. Operation and Maintenance
  • 10.16. Forensics
  • 10.17. Others
• 11. Manual Quick Check
  • 11.1. Brute force tool
  • 11.2. Download tools
  • 11.3. Traffic related
  • 11.4. Sniffing Tools
  • 11.5. SQLMap Usage
• 12. Others
  • 12.1. Code Audit
  • 12.2. WAF
  • 12.3. Common Network Devices
  • 12.4. Fingerprints
  • 12.5. Unicode
  • 12.6. Email security
  • 12.7. Denial of Service Attacks
  • 12.8. APT
  • 12.9. Supply Chain Security
  • 12.10. Near-source penetration
  • 12.11. Common terms