Posted on 2:23 AM by Softminer and filed under

Azure Application Gateway is a web traffic load balancer that enables you to manage traffic to your web applications


This is a very good overview of Application Gateway:


For more details, view this video:






Posted on 3:03 AM by Softminer and filed under

Training GitHub workshop (application security awareness)
https://github.com/sapran/appsec_awareness_training


Enter your email address and it tells you whether that address appears in known data breaches
https://haveibeenpwned.com/
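The same site also publishes the Pwned Passwords range API, which is the part of HIBP you would call from your own code. It is worth seeing how the k-anonymity query works: only the first five hex characters of the password's SHA-1 leave your machine, and the comparison against the returned suffixes happens locally. The code below is an added example written for this page, not code from haveibeenpwned.com; the range response it uses is constructed (the suffix is the real SHA-1 tail of the string "password", the counts are made up) so that it runs offline, and fetch_range_online is the only part that needs the network.

```python
import hashlib
import urllib.request

RANGE_API = "https://api.pwnedpasswords.com/range/"


def sha1_prefix_suffix(password):
    """Split the upper-case hex SHA-1 of a password into the 5-char prefix
    that is sent to the API and the 35-char suffix that never leaves the host."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def count_from_range_body(suffix, body):
    """Scan a range response ('SUFFIX:COUNT' per line) for our suffix.
    Returns the breach count, or 0 if the suffix is not listed."""
    for line in body.splitlines():
        listed_suffix, sep, count = line.strip().partition(":")
        if sep and listed_suffix.upper() == suffix:
            return int(count)
    return 0


def fetch_range_online(prefix):
    """Fetch the real range from HIBP (network access required)."""
    req = urllib.request.Request(
        RANGE_API + prefix, headers={"User-Agent": "range-query-example"}
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


def pwned_count(password, fetch_range=fetch_range_online):
    """How many times the password appears in the corpus (0 = not found)."""
    prefix, suffix = sha1_prefix_suffix(password)
    return count_from_range_body(suffix, fetch_range(prefix))


# Constructed stand-in for the API so the example runs offline. The second
# suffix is the genuine SHA-1 tail of "password"; every count is invented.
FAKE_RANGES = {
    "5BAA6": "0018A45C4D1DEF81644B54AB7F969B88D65:2\r\n"
             "1E4C9B93F3F0682250B6CF8331B7EE68FD8:12345\r\n"
             "1FE4E72C7D6E2C8D1A5BC2A3E2F2BB55C2C:1\r\n",
}


def fake_fetch_range(prefix):
    return FAKE_RANGES.get(prefix, "")


if __name__ == "__main__":
    for pw in ("password", "correct horse battery staple"):
        print(pw, "->", pwned_count(pw, fake_fetch_range))
```

Because the server only ever sees a 5-character prefix (hundreds of hashes share each one), it cannot learn which password was checked; that is why this API is safe to call from a registration or password-change form.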


OWASP Top 10 web application vulnerabilities
https://www.owasp.org/index.php/Top_10-2017_Top_10


Bug bounty programs that reward hackers for finding bugs
https://www.bugcrowd.com/bug-bounty-list/

web-dvwa (Damn Vulnerable Web Application) is a Docker image of a deliberately vulnerable PHP application for practising these attacks.
The image used is
https://hub.docker.com/r/vulnerables/web-dvwa/
docker pull vulnerables/web-dvwa
docker run --rm -it -p 1080:80 vulnerables/web-dvwa
Once it is running, DVWA is reachable at http://localhost:1080/. Because the application is intentionally exploitable, do not expose that port beyond your own machine.

XSS Hunter gives you blind XSS payloads and notifies you when one of them fires
https://xsshunter.com/app

SQL injection: sqlmap automates detecting and exploiting SQL injection
http://sqlmap.org/


SecLists: collection of wordlists and payloads (usernames, passwords, fuzzing strings, web shells) for security testing
https://github.com/danielmiessler/SecLists


OWASP XSS filter evasion cheat sheet (payloads that get past blacklist-style filters)
https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet
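The reason the cheat sheet exists is that filters which look for bad input can be evaded, whereas output encoding for the right context cannot. The added example below (written for this page, not taken from OWASP) puts a naive blacklist filter next to proper HTML escaping and runs both against three constructed payloads: a plain script tag, the nested-tag trick from the cheat sheet that reassembles a script tag after the filter strips the inner one, and an event-handler payload the filter never looks at.

```python
import html
import re


def naive_filter(value):
    """Blacklist filter of the kind the cheat sheet is written to defeat:
    removes literal <script> and </script> tags, case-insensitively."""
    return re.sub(r"</?script>", "", value, flags=re.IGNORECASE)


def render_unsafe(name):
    """Filters the input but still inserts it raw into the page."""
    return f"<p>Hello {naive_filter(name)}</p>"


def render_safe(name):
    """Encodes for the HTML text context instead of trying to spot bad input."""
    return f"<p>Hello {html.escape(name, quote=True)}</p>"


def user_controlled_part(rendered):
    """Slice out the region of the rendered page that came from user input."""
    return rendered[len("<p>Hello "):-len("</p>")]


def is_exploitable(rendered):
    """True if the browser would parse a tag inside the user-controlled region."""
    return re.search(r"<[A-Za-z/]", user_controlled_part(rendered)) is not None


# Constructed payloads; the nested-tag and event-handler forms are two of the
# evasion patterns documented on the OWASP cheat sheet.
PAYLOADS = {
    "plain_script": "<script>alert(1)</script>",
    "nested_tag": "<scr<script>ipt>alert(1)</scr</script>ipt>",
    "event_handler": "<img src=x onerror=alert(1)>",
}


def evaluate():
    """Map payload name -> (exploitable with the filter, exploitable with escaping)."""
    return {
        name: (is_exploitable(render_unsafe(p)), is_exploitable(render_safe(p)))
        for name, p in PAYLOADS.items()
    }


if __name__ == "__main__":
    for name, (with_filter, with_escaping) in evaluate().items():
        print(f"{name}: filter exploitable={with_filter}, escaping exploitable={with_escaping}")
```

The filter happens to stop the plain payload, which is exactly what makes it dangerous: it passes a casual test and fails against the next two. html.escape turns every payload into inert text regardless of its shape.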


OWASP Zed Attack Proxy (ZAP)
https://www.zaproxy.org/


SonarQube
https://www.sonarqube.org/
https://hub.docker.com/_/sonarqube/
Continuous inspection of code quality: performs automatic reviews with static analysis of code to detect bugs, code smells and security vulnerabilities


Microsoft Threat Modeling Tool
https://www.microsoft.com/en-us/securityengineering/sdl/threatmodeling
Lets you draw a data-flow diagram of your software and generates the list of threats (STRIDE categories) for each element and trust boundary

MITRE ATT&CK: knowledge base of adversary tactics and techniques, including the known threat groups and the software they use
https://attack.mitre.org/


Checks the security headers in a site's HTTP response (HSTS, CSP, X-Frame-Options and so on) and grades them
https://securityheaders.com/
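If you want the same check in a pipeline rather than a web form, the logic is small. The added example below is mine for this page, not securityheaders.com's code, and approximates its report: it parses a raw HTTP response, lists the headers that are absent, flags present-but-weak values (a short HSTS max-age, a non-nosniff X-Content-Type-Options, an X-Frame-Options value other than DENY or SAMEORIGIN), and notes headers that leak server details. The one-year HSTS threshold is this example's assumption, and both sample responses are constructed rather than captured from any real site.

```python
import urllib.request

# Headers securityheaders.com looks for, in report order.
REQUIRED = (
    "strict-transport-security",
    "content-security-policy",
    "x-content-type-options",
    "x-frame-options",
    "referrer-policy",
    "permissions-policy",
)
MIN_HSTS_MAX_AGE = 31536000  # one year; threshold assumed for this example
LEAKY = ("server", "x-powered-by")  # reveal software/version to attackers


def parse_raw_response(raw):
    """Parse the header block of a raw HTTP/1.1 response into a lower-cased dict."""
    head = raw.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def hsts_max_age(value):
    """Extract max-age from a Strict-Transport-Security value (0 if absent/invalid)."""
    for directive in value.split(";"):
        d = directive.strip().lower()
        if d.startswith("max-age="):
            try:
                return int(d[len("max-age="):])
            except ValueError:
                return 0
    return 0


def audit(headers):
    """Return missing, weak and leaky header names for a parsed header dict."""
    missing = [h for h in REQUIRED if h not in headers]
    weak = []
    hsts = headers.get("strict-transport-security")
    if hsts is not None and hsts_max_age(hsts) < MIN_HSTS_MAX_AGE:
        weak.append("strict-transport-security")
    xcto = headers.get("x-content-type-options")
    if xcto is not None and xcto.lower() != "nosniff":
        weak.append("x-content-type-options")
    xfo = headers.get("x-frame-options")
    if xfo is not None and xfo.upper() not in ("DENY", "SAMEORIGIN"):
        weak.append("x-frame-options")
    leaky = [h for h in LEAKY if h in headers]
    return {"missing": missing, "weak": weak, "leaky": leaky}


def audit_url(url):
    """Same check against a live site (network access required)."""
    with urllib.request.urlopen(url, timeout=10) as resp:
        return audit({k.lower(): v for k, v in resp.headers.items()})


# Constructed sample responses (not captured from any real site).
WEAK_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache/2.4.29\r\n"
    "X-Powered-By: PHP/7.2.0\r\n"
    "Content-Type: text/html\r\n"
    "Strict-Transport-Security: max-age=300\r\n"
    "X-Frame-Options: ALLOW-FROM https://example.com\r\n"
    "\r\n"
    "<html></html>"
)
GOOD_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Strict-Transport-Security: max-age=63072000; includeSubDomains; preload\r\n"
    "Content-Security-Policy: default-src 'self'\r\n"
    "X-Content-Type-Options: nosniff\r\n"
    "X-Frame-Options: DENY\r\n"
    "Referrer-Policy: no-referrer\r\n"
    "Permissions-Policy: geolocation=(), camera=()\r\n"
    "\r\n"
    "<html></html>"
)

if __name__ == "__main__":
    print("weak :", audit(parse_raw_response(WEAK_RESPONSE)))
    print("good :", audit(parse_raw_response(GOOD_RESPONSE)))
```

Run audit_url("https://your-site.example/") against a real deployment; a non-empty "missing" or "weak" list is a reasonable thing to fail a build on.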


Tests a server's TLS configuration and certificate (protocol versions, cipher suites, chain problems)
https://www.ssllabs.com/ssltest/


DAST, or Dynamic Application Security Testing: tests the running application from the outside, like an attacker would
SAST, or Static Application Security Testing: analyses the source code without running it
IAST, or Interactive Application Security Testing: instruments the running application and observes it from the inside while it is exercised


Burp Suite is a graphical tool for testing web application security
https://portswigger.net/burp

It has more functionality than Fiddler. To use it, point your browser's proxy at localhost port 8080 (Burp's default listener).
Then browse to http://localhost:8080/ through the proxy, download Burp's CA certificate and install it in the browser so that HTTPS traffic can be intercepted.
Intercept holds each request so you can inspect or modify it before forwarding; the HTTP history tab keeps a record of all traffic that went through the proxy.