Application Security Cheat Sheet
Container Analysis Tools
Abusing HTTP hop-by-hop Request Headers
Content Security Policy
File Upload Vulnerabilities
HTTP Header Security
HTTP Request Smuggling
Improper Rate Limits
JSON Web Token Vulnerabilities
OAuth 2.0 Vulnerabilities
Server Side Request Forgery
Web Cache Poisoning
Default Credentials Cheat Sheet
- one place for all the default credentials to assist Blue/Red teamers' activities in finding devices with default passwords.
PWDB - New generation of Password Mass-Analysis
- a collection of all the data extracted from 1 billion credential leaks from the Internet.
- personal compilation of wordlists & dictionaries for everything; users, passwords, directories, files, vulnerabilities, fuzzing, injections, wordlists of tools, etc.
- a collection of multiple types of lists used during security assessments.
- high quality wordlists for content and subdomain discovery.
- swagger files collected from a number of data sources, including an internet-wide scan for the 40+ most common swagger paths.
- potentially dangerous files.
- a collection of special paths linked to major web CVEs, known misconfigurations, juicy APIs, etc.