Web Security Learning
- 1. Prologue
- 2. Computer Networks and Protocols
- 3. Information Collection
- 4. Common vulnerability attack and defense
- 4.1. SQL Injection
- 4.2. XSS
- 4.3. CSRF
- 4.4. SSRF
- 4.5. Command Injection
- 4.6. Directory Traversal
- 4.7. File reading
- 4.8. File Upload
- 4.9. File Include
- 4.10. XXE
- 4.11. Template Injection
- 4.12. XPath injection
- 4.13. Logic Vulnerability / Business Vulnerability
- 4.14. Configuration and Policy Security
- 4.15. Middleware
- 4.16. Web Cache Spoofing Attack
- 4.17. HTTP Request Smuggling
- 5. Language and Framework
- 6. Intranet penetration
- 7. Cloud Security
- 8. Defense Technology
- 8.1. Team building
- 8.2. Red and blue confrontation
- 8.3. Secure Development
- 8.4. Safety Construction
- 8.5. Threat Intelligence
- 8.6. ATT&CK
- 8.7. Risk Control
- 8.8. Defense Framework
- 8.9. Reinforcement check
- 8.10. Intrusion Detection
- 8.11. Zero Trust Security
- 8.12. Honeypot technology
- 8.13. RASP
- 8.14. Emergency Response
- 8.15. Traceability Analysis
- 9. Authentication Mechanism
- 10. Tools and Resources
- 10.1. Recommended Resources
- 10.2. Related papers
- 10.3. Information Collection
- 10.4. Social Engineering
- 10.5. Fuzzing
- 10.6. Exploitation/Detection
- 10.7. Near source penetration
- 10.8. Web Persistence
- 10.9. Lateral movement
- 10.10. Cloud Security
- 10.11. Operating System Persistence
- 10.12. Audit Tools
- 10.13. Defense
- 10.14. Secure Development
- 10.15. Operation and Maintenance
- 10.16. Forensics
- 10.17. Others
- 11. Manual Quick Check
- 12. Others