Hitchhiker's Guide To Web Pentesting

This document provides a collection of resources for learning about web application penetration testing. It includes links to guides on web application structure and development, tutorials for languages like JavaScript, SQL and Python, tools for testing like Burp Suite and Kali Linux, documentation of common vulnerabilities like the OWASP Top 10, and several vulnerable web applications that can be used for hands-on learning like Juice Shop, WebGoat and security games at itsecgames.com.

Uploaded by haritha kusal
Copyright: © All Rights Reserved

Hitchhiker's Guide To Web Pentesting.

***The Hitchhiker's Guide to Web App Pen Testing***
https://www.darkreading.com/application-security/the-hitchhikers-guide-to-web-app-pen-testing/a/d-id/1337974

Web Demystified - YouTube
https://www.youtube.com/playlist?list=PLo3w8EB99pqLEopnunz-dOOBJ8t-Wgt2g

<checklist>
six2dez Pentest Book
https://six2dez.gitbook.io/pentest-book/

Web Application Penetration Testing: Minimum Checklist Based on the OWASP Testing Guide
https://www.apriorit.com/dev-blog/622-qa-web-application-pen-testing-owasp-checklist
<checklist>

Developer guides | MDN
https://developer.mozilla.org/en-US/docs/Web/Guide

Ajax - Developer guides | MDN
https://developer.mozilla.org/en-US/docs/Web/Guide/AJAX

Guide to Web APIs - Developer guides | MDN
https://developer.mozilla.org/en-US/docs/Web/Guide/API

JavaScript | MDN
https://developer.mozilla.org/en-US/docs/Web/JavaScript

Localizations and character encodings - Developer guides | MDN
https://developer.mozilla.org/en-US/docs/Web/Guide/Localizations_and_character_encodings

Parsing and serializing XML - Developer guides | MDN
https://developer.mozilla.org/en-US/docs/Web/Guide/Parsing_and_serializing_XML

HTTP | MDN
https://developer.mozilla.org/en-US/docs/Web/HTTP

PentesterLab: Learn Web App Pentesting!
https://pentesterlab.com/exercises/web_for_pentester/course

PentesterLab: Learn Web App Pentesting!
https://pentesterlab.com/exercises/web_for_pentester_ii/course

apache - Difference between web server, application server and database server - Stack Overflow
https://stackoverflow.com/questions/13042840/difference-between-web-server-application-server-and-database-server/38262405

How a Web application works
https://alb.host.cs.st-andrews.ac.uk/webdatabases/howwebapp.htm

Database Applications and the Web - Web Database Applications with PHP and MySQL, 2nd Edition [Book]
https://www.oreilly.com/library/view/web-database-applications/0596005431/ch01.html

An Introduction to Networking Terminology, Interfaces, and Protocols | DigitalOcean
https://www.digitalocean.com/community/tutorials/an-introduction-to-networking-terminology-interfaces-and-protocols

5 steps to simple role-based access control (RBAC) | CSO Online
https://www.csoonline.com/article/3060780/5-steps-to-simple-role-based-access-control.html

CheatSheetSeries/Access_Control_Cheat_Sheet.md at master · OWASP/CheatSheetSeries · GitHub
https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Access_Control_Cheat_Sheet.md

Implementing Role Based Security in a Web App | by Marcel Schoffelmeer | Bluecore Engineering | Medium
https://medium.com/bluecore-engineering/implementing-role-based-security-in-a-web-app-89b66d1410e4

Learn JavaScript | Codecademy
https://www.codecademy.com/learn/introduction-to-javascript

Learn JavaScript - Free Interactive JavaScript Tutorial
https://www.learn-js.org/

SQLZOO
https://sqlzoo.net/

Learn Python - Free Interactive Python Tutorial
https://www.learnpython.org/

Google's Python Class | Python Education | Google Developers
https://developers.google.com/edu/python

A Command Line Crash Course | Viking Code School
https://www.vikingcodeschool.com/web-development-basics/a-command-line-crash-course

A Command Line Primer for Beginners
https://lifehacker.com/a-command-line-primer-for-beginners-5633909

Download Burp Suite Community Edition - PortSwigger
https://portswigger.net/burp/communitydownload

Burp Suite Professional - PortSwigger
https://portswigger.net/burp/pro

Kali Linux & Metasploit: Getting Started with Pen Testing | by Nicholas Handy | cyberdefenders | Medium
https://medium.com/cyberdefendersprogram/kali-linux-metasploit-getting-started-with-pen-testing-89d28944097b

The Web Application Hacker's Handbook | Web Security Academy
https://portswigger.net/web-security/web-application-hackers-handbook

Using Burp to Test for the OWASP Top Ten - PortSwigger
https://portswigger.net/support/using-burp-to-test-for-the-owasp-top-ten

Pick a Vulnerability to Learn About
https://www.hacksplaining.com/lessons

GitHub - infoslack/awesome-web-hacking: A list of web application security
https://github.com/infoslack/awesome-web-hacking

GitHub - infoslack/awesome-web-hacking: A list of web application security
https://github.com/infoslack/awesome-web-hacking#labs

PentesterLab: Learn Web Penetration Testing: The Right Way
https://pentesterlab.com/

PentesterLab: PentesterLab: Bootcamp
https://pentesterlab.com/bootcamp

Juice Shop - Insecure Web Application for Training | OWASP
https://owasp.org/www-project-juice-shop/

OWASP WebGoat - Learn the hack - Stop the attack
https://owasp.org/www-project-webgoat/

itsecgames.com
http://www.itsecgames.com/

OWASP Foundation | Open Source Foundation for Application Security
https://owasp.org/
