
awesome-web-security - 🐶 A curated list of Web Security materials and resources.


🐶 Curated list of Web Security materials and resources. Needless to say, most websites online suffer from various types of bugs, which may eventually lead to vulnerabilities. Why does this happen so often? Many factors can be involved, including misconfiguration, a shortage of security skills among engineers, etc. Therefore, here is a curated list of Web Security materials and resources for learning cutting-edge penetration-testing techniques.

xss-payload-list - 🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List

• HTML

Cross-Site Scripting (XSS) attacks are a type of injection in which malicious scripts are injected into otherwise benign and trusted web sites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser-side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user within the output it generates without validating or encoding it. An attacker can use XSS to send a malicious script to an unsuspecting user. The end user's browser has no way to know that the script should not be trusted, and will execute the script. Because it thinks the script came from a trusted source, the malicious script can access any cookies, session tokens, or other sensitive information retained by the browser and used with that site. These scripts can even rewrite the content of the HTML page. For more details on the different types of XSS flaws, see: Types of Cross-Site Scripting.

RTA - Red team Arsenal - An intelligent scanner to detect security vulnerabilities in company's layer 7 assets

• Python

Red Team Arsenal is a web/network security scanner which can scan all of a company's online-facing assets and provide a holistic view of any security anomalies. It is a closely linked collection of security engines that conduct/simulate attacks and monitor public-facing assets for anomalies and leaks. It is an intelligent scanner that detects security anomalies in all layer 7 assets and produces a detailed report, with integration support for Nessus. As companies continue to expand their footprint on the Internet via acquisitions and geographical expansion, human-driven security engineering does not scale; companies therefore need feedback-driven automated systems to keep up.

lighthouse-security - Runs the default Google Lighthouse tests with additional security tests

• JavaScript

Runs the default Google Lighthouse tests with additional security tests. Run the command from the CLI as shown below. The options are the same as the default Lighthouse CLI options.
quarantyne - Modern Web Firewall: stop account takeovers, weak passwords, cloud IPs, DoS attacks, disposable emails

• Java

TL;DR Quarantyne is a reverse proxy that protects web applications and APIs from fraudulent behavior, misuse, bots and cyber-attacks in real time. Quarantyne is a reverse proxy written in Java. It fronts a web application or API and protects it from fraudulent behavior, misuse, bots and cyber-attacks. It cannot stop them all, but it will definitely make them harder and more expensive to perform.

wasec - Examples of security features (or mishaps) on web applications -- these are mostly examples and tutorials from the WASEC book

• JavaScript

Examples of security features (or mishaps) on web applications -- these are mostly examples and tutorials from the WASEC book. Each of the directories in this repo has its own README, so go ahead and explore! A good place to start? Check the clickjacking example.

PentestResources - A list of resources for Pentesting from various sources


This repository contains various resources taken from different repositories on GitHub, combined together for ease of access.