Posted on 2:23 AM by Softminer and filed under
azure
Azure Application Gateway is a web traffic load balancer that enables you to manage traffic to your web applications.
This is a very good overview of Application Gateway.
For more details, view this video:
Training GitHub workshop
https://github.com/sapran/appsec_awareness_training
Enter your email and it tells you whether your email has been leaked
https://haveibeenpwned.com/
OWASP Top 10 vulnerabilities
https://www.owasp.org/index.php/Top_10-2017_Top_10
Rewards for hackers who find bugs
https://www.bugcrowd.com/bug-bounty-list/
web-dvwa is a Docker sample in PHP that demonstrates vulnerabilities
The sample used is
https://hub.docker.com/r/vulnerables/web-dvwa/
docker pull vulnerables/web-dvwa
docker run --rm -it -p 1080:80 vulnerables/web-dvwa
Gives you XSS code that you can use in XSS testing
https://xsshunter.com/app
SQL INJECTION
http://sqlmap.org/
List of payloads of different kinds
https://github.com/danielmiessler/SecLists
Cheat sheet
https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet
OWASP Zed Attack Proxy (ZAP)
https://www.zaproxy.org/
SonarQube
https://www.sonarqube.org/
https://hub.docker.com/_/sonarqube/
Continuous inspection of code quality: performs automatic reviews with static analysis of code to detect bugs, code smells, and security vulnerabilities
MS Threat Modeling Tool
https://www.microsoft.com/en-us/securityengineering/sdl/threatmodeling
Can be used to draw your software diagram; it then shows you the threats
List of known groups per country
https://attack.mitre.org/
Security check for HTTP headers
https://securityheaders.com/
Test SSL server certificate
https://www.ssllabs.com/ssltest/
DAST, or Dynamic Application Security Testing
SAST, or Static Application Security Testing
IAST, or Interactive Application Security Testing
Burp Suite is a graphical tool for testing web application security
https://portswigger.net/burp
It has more functionality than Fiddler. To start, the proxy should be set to localhost 8080.
Go here to download and install the certificate: http://localhost:8080/
Intercept is for recording traffic
https://attack.mitre.org/
List of organizations and attacks
Check your security headers
https://securityheaders.com/
Posted on 3:03 AM by Softminer and filed under
security