There are a number of new hackers joining the community on a regular basis, and this raises the question of "How do I get started and what are some good resources?" We hope to help with those questions using this repository. As a hacker, there are a ton of techniques, terminologies, and topics you need to familiarize yourself with to understand how an application works. Cody Brocious (@daeken) and I put these resources together in order to help new hackers learn the basics of Web Application Security.
We understand that there are more resources than the ones we have listed, and we hope to cover more of them in the near future!
- All in one resource https://www.hacker101.com/sessions/web_in_depth
- Headers https://www.tutorialspoint.com/http/http_header_fields.htm
- Request form https://www.tutorialspoint.com/http/http_requests.htm
- Response form https://www.tutorialspoint.com/http/http_responses.htm
- Response codes https://www.tutorialspoint.com/http/http_status_codes.htm
- URL Encoding https://www.tutorialspoint.com/http/http_url_encoding.htm
- Methods https://www.tutorialspoint.com/http/http_status_codes.htm
- All in one resource https://www.amazon.com/Networking-All-One-Dummies-Doug/dp/1119154723/
- Terminology https://www.digitalocean.com/community/tutorials/an-introduction-to-networking-terminology-interfaces-and-protocols
- What is an IP? https://commotionwireless.net/docs/cck/networking/learn-networking-basics/
- What are ports? https://www.utilizewindows.com/list-of-common-network-port-numbers/
- What is DNS? https://code.tutsplus.com/tutorials/an-introduction-to-learning-and-using-dns-records--cms-24704
- Intermediate Security Testing with Kali Linux 2 http://www.penguintutor.com/linux/basic-network-reference
- HTML https://www.w3schools.com/html/
- JavaScript https://javascript.info/
- SQL http://www.sqlcourse.com/
- Python https://docs.python.org/3/tutorial/
- Bash https://www.learnshell.org/
- Additional Resources:
- Setting up your own web server on a VPS https://www.linux.com/learn/easy-lamp-server-installation
- Setting up virtualbox + linux https://linuxconfig.org/how-to-install-kali-linux-on-virtualbox
- Basics of UNIX https://lifehacker.com/5633909/who-needs-a-mouse-learn-to-use-the-command-line-for-almost-anything
- Setting up Burp https://www.hacker101.com/playlists/burp_suite
- Previously Disclosed Vulnerabilities https://hackerone.com/hacktivity
As we start to build this repository, we'll be adding more vulnerability types and resources for each one. XSS is a great place to start as it's one of the most popular and easiest vulnerabilities to find in a web application.
- Hacker101 https://www.hacker101.com/sessions/xss
- OWASP https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)
- A comprehensive tutorial on cross-site scripting https://excess-xss.com
- Google Application Security (XSS Guide) https://www.google.com/intl/am_AD/about/appsecurity/learning/xss/
- XSS-Game https://xss-game.appspot.com
- Hacker101 https://hacker101.com
- PentesterLab https://pentesterlab.com
- HackEdu https://hackedu.io
- DVWA http://www.dvwa.co.uk
- Google Gruyere https://google-gruyere.appspot.com/