It mainly covers web security.
- Web Security Tutorials for Beginners
- Web Security Fundamentals for Beginners
- CS 253 Web Security from Stanford
- CS253: Web Security from Stanford University
- CS253: Reading materials
- WebApp Security bootcamp
- Web Security Academy
- OWASP WebGoat
- OWASP Juice Shop
- This is Legal app
- Hack This Site
- Google Gruyere
- Damn Vulnerable Web Application (DVWA)
- Nikto: Web server scanner
- fierce: DNS reconnaissance tool for discovering subdomains and potential attack vectors
- OWASP ZAP (Zed Attack Proxy): Open-source web application scanner for finding vulnerabilities and testing app security.
- BurpSuite: Comprehensive web security testing tool for performing vulnerability scans, manual testing, and exploitation.
- sqlmap: Open-source tool that automates the detection and exploitation of SQL injection vulnerabilities.
- w3af: Web application attack and audit framework that helps identify and exploit vulnerabilities.
- BeEF (Browser Exploitation Framework): Tool for targeting and exploiting vulnerabilities in web browsers.
- Pentest Tools
- Acunetix: Automated web application security testing tool; a paid tool by Invicti (formerly Netsparker)
- Wfuzz: Web application security brute-forcing tool. Great for fuzzing.
- Amass: Subdomain enumeration and attack surface mapping.
- Dirb: Web content discovery scanner using a dictionary file
- WhatWeb: Web application fingerprinting tool
- WPScan: WordPress vulnerability scanner for installed plugins
- XSStrike: XSS vulnerability scanner by Somdev Sangwan
- HTTrack: Website copier tool or an offline browser utility
- nmap: Network discovery and security auditing tool.
- OSCP by Offensive Security
- OSWE by Offensive Security
- GWEB by SANS
- GWAPT by SANS
- eWPT by eLearnSecurity
- CEWPT by Mile2
- WAPT by 7Safe