Personal collection of tutorial resources that can be helpful in my quest into security research and web application hacking. Credit to Bugcrowd; most resources were from their blog posts. Please let me know if you have any suggestions for resources that I should add to this list.
- Tutorial on cross-site scripting: A comprehensive tutorial on cross-site scripting
- Attacks using XSS Filters/IDS: Favorite XSS Filters/IDS and how to attack them (PDF)
- XSS Introduction: Introduction to cross-site scripting (Google)
- Cross-Site Request Forgery: Finding and Preventing CSRF (PDF)
- [Exploiting CSRF Vulnerabilities](http://tipstrickshack.blogspot.jp/2012/10/how-to-exploit-csfr-vulnerabilitycsrf.html): How to exploit CSRF Vulnerabilities
- SQL Injection: Introduction to SQL Injection
- [MSSQL Injection PWNage](https://www.exploit-db.com/papers/12975/): Full MSSQL Injection PWNage
- [Everything SQL injection](http://www.troyhunt.com/2013/07/everything-you-wanted-to-know-about-sql.html): Everything you wanted to know about SQL injection
- [Finding RCE](http://exploit-db.com/papers/12885/): How to find RCE in scripts with examples
- [Yahoo LFI Converted to RCE](https://soroush.secproject.com/blog/2013/10/yahoo-bug-bounty-program-lfi-reported-and-patched/): Yahoo LFI Converted to RCE
- [Remote Code Execution in Elasticsearch](http://jordan-wright.com/blog/2015/03/08/elasticsearch-rce-vulnerability-cve-2015-1427/): Remote Code Execution in Elasticsearch - CVE-2015-1427
- XXE Detection: Generic XXE Detection
- [XML Out-Of-Band Data Retrieval](https://media.blackhat.com/eu-13/briefings/Osipov/bh-eu-13-XML-data-osipov-slides.pdf)
- SSRF vs XXE tunneling in SAP: SSRF vs. Business-critical applications: XXE tunneling in SAP
- About XXE: What you don't know about XXE
- SSRF Attacks
- [How to steal and modify data using Business Logic flaws](https://www.youtube.com/watch?v=mQjTgDuLsp4)
- [Exploiting CVE-2011-2461 on google.com](http://blog.mindedsecurity.com/2015/03/exploiting-cve-2011-2461-on-googlecom.html)
- InjectX to find XSS
- Debugging Java Applications: Debugging Java Applications Using JDB and how to use CMD
- Hacking Android Apps: Hacking Android Apps Using Backup Techniques
- [Setting Up a Mobile Pentesting Platform]
- [iOS Application Security]