⚡️ Огромная коллекция видео по поиску уязвимостей веб-приложений.

⚡️ Огромная коллекция видео по поиску уязвимостей веб-приложений.

Полезные материалы по тестированию веб-приложений на различные уязвимости. Все гайды разбиты на категории, в зависимости от типа атак и уязвимостей.

• [History;

](https://github.com/xalgord/Massive-Web-Application-Penetration-Testing-Bug-Bounty-Notes#phase-1--history)• [Web and Server Technology;

](https://github.com/xalgord/Massive-Web-Application-Penetration-Testing-Bug-Bounty-Notes#phase-2--web-and-server-technology)• [Setting up the lab with BurpSuite and bWAPP;

](https://github.com/xalgord/Massive-Web-Application-Penetration-Testing-Bug-Bounty-Notes#phase-3--setting-up-the-lab-with-burpsuite-and-bwapp)• [Mapping the application and attack surface;

](https://github.com/xalgord/Massive-Web-Application-Penetration-Testing-Bug-Bounty-Notes#phase-4--mapping-the-application-and-attack-surface)• [Understanding and exploiting OWASP top 10 vulnerabilities;

](https://github.com/xalgord/Massive-Web-Application-Penetration-Testing-Bug-Bounty-Notes#phase-5--understanding-and-exploiting-owasp-top-10-vulnerabilities)• [Session management testing;

](https://github.com/xalgord/Massive-Web-Application-Penetration-Testing-Bug-Bounty-Notes#phase-6--session-management-testing)• [Bypassing client-side controls;

](https://github.com/xalgord/Massive-Web-Application-Penetration-Testing-Bug-Bounty-Notes#phase-7--bypassing-client-side-controls)• [Attacking authentication/login;

](https://github.com/xalgord/Massive-Web-Application-Penetration-Testing-Bug-Bounty-Notes#phase-8--attacking-authenticationlogin)• [Attacking access controls (IDOR, Priv esc, hidden files and directories);

](https://github.com/xalgord/Massive-Web-Application-Penetration-Testing-Bug-Bounty-Notes#phase-9---attacking-access-controls-idor-priv-esc-hidden-files-and-directories)• Attacking Input validations (All injections, XSS and mics);

• Business logic vulnerability.[

](https://github.com/xalgord/Massive-Web-Application-Penetration-Testing-Bug-Bounty-Notes#phase-10--attacking-input-validations-all-injections-xss-and-mics)• [Generating and testing error codes;

](https://github.com/xalgord/Massive-Web-Application-Penetration-Testing-Bug-Bounty-Notes#phase-11--generating-and-testing-error-codes)• Weak cryptography testing;

🎞 Полный список

📎Сохраняйте себе, чтобы не потерять[

](https://github.com/xalgord/Massive-Web-Application-Penetration-Testing-Bug-Bounty-Notes#phase-12--weak-cryptography-testing)

@linuxacademiya