Web Security Learning

10.1. Recommended Resources

10.1.1. Book List

10.1.1.1. Frontend

  • The Tangled Web

  • White hats talk about web security

  • White hats talk about browser security (Wenxiang Qian)

  • Web front-end hacking techniques revealed

  • Analysis and Defense of XSS Cross-Site Scripting Attacks

  • SQL Injection Attack and Defense

10.1.1.2. Network

  • Understanding Linux Network Internals

  • TCP/IP Architecture, Design, and Implementation in Linux

  • Linux Kernel Networking: Implementation and Theory

  • Bulletproof SSL and TLS

  • UNIX Network Programming

  • TCP/IP Illustrated

10.1.1.3. SEO

  • The Art of SEO

10.1.1.4. Wireless Attack and Defense

  • Wireless network security attack and defense

  • Advanced wireless network security attack and defense

  • Hackers Revealed - Near Source Penetration Testing (Chai Kunzhe, etc.)

10.1.1.5. Hacking Programming

  • Gray Hat Python

10.1.1.6. Social Engineering

  • Social Engineering: Human Vulnerabilities in Security Systems

  • The Art of Deception

  • The Art of Intrusion

10.1.1.7. Data Security

  • Big data governance and security from theory to open source practice (Liu Chi, etc.)

  • Enterprise big data processing Spark, Druid, Flume and Kafka application practice (Xiao Guanyu)

  • Data Security Architecture Design and Practice (Zheng Yunwen)

10.1.1.8. Machine Learning and Network Security

  • Web Security Deep Learning Practice (Liu Yan)

  • Introduction to Machine Learning for Web Security (Liu Yan)

  • Reinforcement Learning and GAN for Web Security (Liu Yan)

  • Introduction to Adversarial Samples in AI Security (Brother Pocket)

10.1.1.9. Security Construction

  • Introduction to Enterprise Security Construction - Building Enterprise Network Security Based on Open Source Software (Liu Yan)

  • Enterprise Security Construction Guide - Security Architecture and Technical Practice in the Financial Industry (Nie Jun, etc.)

  • Security Architecture of Large Internet Enterprises (Shi Zuwen)

  • CISSP Official Study Guide

  • CISSP Certification Exam Guide

  • Linux system security defense-in-depth, security scanning and intrusion detection (Xu Feng)

10.1.1.10. General

  • In-depth analysis of web security

  • The Hacker Playbook: Practical Guide to Penetration Testing

  • The Web Application Hacker's Handbook

10.1.1.11. Legal

  • Information Security Standards and Laws and Regulations (Second Edition) (Note: Wuhan University Press)

10.1.2. Website

  • https://adsecurity.org/

10.1.3. Blog

  • https://www.leavesongs.com/

  • https://paper.seebug.org/

  • https://xz.aliyun.com/

  • https://portswigger.net/blog

  • https://www.hackerone.com/blog

10.1.4. Bug Bounty

  • https://www.hackerone.com/

  • https://bugcrowd.com

  • https://www.synack.com/

  • https://cobalt.io/

10.1.5. Experimental Environment

10.1.5.1. Web Security Related CTF Topics

  • https://github.com/orangetw/My-CTF-Web-Challenges

  • https://www.ripstech.com/php-security-calendar-2017/

  • https://github.com/wonderkun/CTF_web

  • https://github.com/CHYbeta/Code-Audit-Challenges

  • https://github.com/l4wio/CTF-challenges-by-me

  • https://github.com/tsug0d/MyAwesomeWebChallenge

  • https://github.com/a0xnirudh/kurukshetra

  • http://www.xssed.com/

10.1.5.2. Domain Lab Environment

  • Adaz: Active Directory Hunting Lab in Azure

  • Detection: Vagrant & Packer scripts to build a lab environment complete with security tooling and logging best practices

10.1.6. Knowledge Base

10.1.6.1. Awesome series

  • Awesome CobaltStrike

  • Awesome Cybersecurity Blue Team

  • Awesome Hacking

  • awesome sec talks

  • Awesome Security

  • awesome web security

  • Awesome-Android-Security

10.1.6.2. Bug Hunting

  • HowToHunt: Tutorials and Things to Do while Hunting Vulnerability

10.1.6.3. Java

  • learnjavabug: Java security related vulnerabilities and technical demos

10.1.6.4. Red-Blue Confrontation

  • atomic red team: Small and highly portable detection tests based on MITRE’s ATT&CK

10.1.6.5. Post Penetration

  • PowerShell Attack Guide: Post-Hack Penetration

  • Active Directory Exploitation Cheat Sheet

© Copyright 2019-2022, WebSecurity.