sudoninja book
  • sudoninja book
  • About us
  • Security Area
    • Penetration Testing Methodologies
      • 7 Layer
    • How to Find CVE
      • TOP All bugbounty pentesting CVE
      • What is CVE
      • Where I try to find vulnerability and exploit
      • How to find vulnerability (approach).
      • How to Request CVE
      • My CVE
      • My submission on exploit DB
      • Write up and CVE
      • Published CVE on website
    • DAST/SAST
    • Penetration-Testing
      • Offensive-Resources
      • pentest tool
      • Mind map
    • Web Application Penetration Testing
      • Web Pentesting Methodology
      • Video
      • Cheat sheet
      • Book
      • Lab
      • Mind Map
      • Check list
      • Blog
      • Payload
      • Report
      • Tool
    • Network Penetration Testing
      • Checklist
    • Mobile Penetration testing
      • Mobile PT methology
      • APK Penetration Testing
      • Android PT
        • Methology
        • Github
        • video
        • Report
        • Tool
        • Mind Map
        • Payload
        • Cheat sheet
        • Check list
        • Lab
        • Book
        • Blog
      • iOS PT
        • Methology
        • Check list
        • Github
        • Lab
        • Book
        • Payload
        • Report
        • Mind Map
        • Blog
        • Tool
        • Video
      • Cheatsheet
      • Mind Map
    • Active Directory penetration testing
      • Methodology
      • Note
      • Checklist
      • Mind map
      • Cheatsheet
      • Tool
      • Note
      • Lab
      • Payload
    • API Penetration Testing
      • Methodology
      • Video
      • Book
      • Mind map
      • Lab
      • Checklist
      • Blog
      • Payload
      • Report
      • Tool
    • Source Code Review
      • Mindmap
      • Link
      • Blog
    • CTF
      • Practice
        • Youtube
        • CTF
    • IOT Penetration Testing
      • Methodology
      • Cheat sheet
      • Book
      • Mind Map
      • Check list
      • Blog
      • Video
      • Report
      • Tool
    • Red Teaming
      • Mind map
      • OSINT
      • Configure your own vulnerable CTF machine
    • Cloud Security
      • Google Cloud Platform
      • Azure
      • Report
      • AWS
      • Lab
    • Bug Bounty Hunting
      • Learning Engine for Bug Hunter
      • bug bounty tips
        • Book
        • Guide
      • Cheat sheet
      • Bugbounty writeup - medium / others
      • Hackerone Report
      • Recon map
      • Writeups
      • Bug bounty Platform
      • Tool
    • Thick Client Pentesting
    • Malware Analysis
    • DevSecOps
    • Wireless Penetration Testing
      • Note
      • Cheatsheet
  • Practice and improve skills
  • list of Vulnerabilities-1
    • 2FA/OTP Bypass
    • Account Takeover
    • Apache Log Poisoning through LFI
    • Broken Links
    • Bruteforcing
    • Business Logic Flaws
    • Broken Authentication & Session Management
    • Cross Site Scripting
    • Crawl/Fuzz
    • Content Security Policy (CSP)
    • CORS
    • CSRF
    • Clickjacking
    • CRLF
    • Command Injection
    • Client Side Template Injection (CSTI)
    • cookie
    • Cookies Hacking
    • Captcha Bypass
    • Dangling Markup - HTML scriptless injection
    • Deserialization
    • Directory Browsing
    • DNS Rebinding
    • Email Header Injection
    • Email attacks
    • File Inclusion/Path traversal
    • File Upload
    • Github Recon
    • Header injections
    • HTTP Request Smuggling
    • HTTP Parameter pollution
    • HTML Injection
    • HTTP Authentication
    • HTTP Protocol
    • IDOR
    • JWT Vulnerabilities (Json Web Tokens)
    • LDAP Injection
    • NoSQL injection
    • Open Redirect
    • Online hashes cracked
    • Race Condition
    • Ruby on Rails
    • Rate Limit Bypass
    • Pastejacking
    • Path Traversal
    • Password Reset
    • Prototype Pollution
    • SQL Injection
    • SSRF (Server Side Request Forgery)
    • SSTI (Server Side Template Injection)
    • Session fixation
    • Subdomain Takeover
    • S3 Bucket
    • Unicode Normalization vulnerability
    • XPATH injection
    • XSLT Server Side Injection
    • XXE - XML External Entity
    • XS-Search
    • Web Cache Deception
    • Web Sockets
    • Webshells
  • list of Vulnerabilities-2
    • Web Application Vulnerability 2022
  • Tool
    • sqlmap
      • Sql login bypass
    • Extra
    • Github
    • Search Engine for Hackers
    • Burp Extensions
    • Dorks
    • Python
    • one line script
      • more
  • Note
  • AWAE/OSWE
    • Cherry Tree
  • Burp Suite Certified Practitioner
    • Sql Injection
  • Pentesting Bible
  • Free Certification
  • Hack The Box
  • Bookmark
  • Report
  • Lab
    • MY Machine
  • Framework
    • OWASP guide
      • Map
      • OWASP Cheatsheet
  • CheatSheet
  • Mind Map
  • Certifications
  • Research Tool
  • Learn for Fun
    • Email spoofing
  • POST
    • Here are 24 websites to learn Linux for free:
    • 39 cybersecurity news resources
    • 30 cybersecurity search engines
    • 27 ways to learn ethical hacking for free
Powered by GitBook
On this page

Was this helpful?

  1. Security Area
  2. Web Application Penetration Testing

Book

PreviousCheat sheetNextLab

Last updated 4 years ago

Was this helpful?

  1. Web application hand book 2 ()

  2. OTG 4.2

  3. refer bug bounty book

http://www.amazon.com/The-Web-Application-Hackers-Handbook/dp/8126533404/ The Web Application Hacker’s Handbook: Finding and Exploiting Security Flaws
http://www.amazon.com/Hacking-Web-Apps-Preventing-Application/dp/159749951X/ Hacking Web Apps: Detecting and Preventing Web Application Security Problems
http://www.amazon.com/Hacking-Exposed-Web-Applications-Third/dp/0071740643/ Hacking Exposed Web Applications
http://www.amazon.com/SQL-Injection-Attacks-Defense-Second/dp/1597499633/ SQL Injection Attacks and Defense
http://www.amazon.com/Tangled-Web-Securing-Modern-Applications/dp/1593273886/ The Tangled WEB: A Guide to Securing Modern Web Applications
http://www.amazon.com/Web-Application-Obfuscation-Evasion-Filters/dp/1597496049/ Web Application Obfuscation: '-/WAFs..Evasion..Filters//alert(/Obfuscation/)-'
http://www.amazon.com/XSS-Attacks-Scripting-Exploits-Defense/dp/1597491543/ XSS Attacks: Cross Site Scripting Exploits and Defense
http://www.amazon.com/Browser-Hackers-Handbook-Wade-Alcorn/dp/1118662091/ The Browser Hacker’s Handbook
http://www.amazon.com/Basics-Web-Hacking-Techniques-Attack/dp/0124166008/ The Basics of Web Hacking: Tools and Techniques to Attack the Web
http://www.amazon.com/Web-Penetration-Testing-Kali-Linux/dp/1782163166/ Web Penetration Testing with Kali Linux
http://www.amazon.com/Web-Application-Security-Beginners-Guide/dp/0071776168/ Web Application Security, A Beginner's Guide
https://www.amazon.com/Hacking-Art-Exploitation-Jon-Erickson/dp/1593271441/ Hacking: The Art of Exploitation
https://www.crypto101.io/ - Crypto 101 is an introductory course on cryptography
http://www.offensive-security.com/metasploit-unleashed/ - Metasploit Unleashed
http://www.cl.cam.ac.uk/~rja14/book.html - Security Engineering
https://www.feistyduck.com/library/openssl-cookbook/ - OpenSSL Cookbook
https://www.manning.com/books/real-world-cryptography - Learn and apply cryptographic techniques.
https://samsclass.info/129S/129S_S20.shtml