relotnek edited this page Mar 25, 2016 · 16 revisions

Welcome to the security testing wiki!

These are resources, tools and attacks collected from the internet to help with appsec testing.

General SQLI Resources

W3Schools - SQL injection

SQLZoo's SQL Injection walkthrough

NTO's SQLi Cheatsheet

Websec.ca's SQLi mega-resource

Ferruh Mavituna's SQLi cheatsheet

The SQL Injection Wiki

SQLi Resources

Netsparker SQLi Cheat Sheet

DBMS Specific Resources:

MySQL:

PentestMonkey's MySQL injection cheatsheet

Reiners' MySQL injection Filter Evasion Cheatsheet

MSSQL:

EvilSQL's Error/Union/Blind MSSQL Cheatsheet

PentestMonkey's MSSQL SQL injection Cheatsheet

ORACLE:

PentestMonkey's Oracle SQLi Cheatsheet

POSTGRES:

PentestMonkey's Postgres SQLi Cheatsheet

Rails

Ruby on Rails (Active Record) SQL Injection Guide

SQLite

SQLite3 Injection Cheat sheet

Others

Access SQLi Cheatsheet

PentestMonkey's Ingres SQL Injection Cheat Sheet

Pentestmonkey's DB2 SQL Injection Cheat Sheet

Pentestmonkey's Informix SQL Injection Cheat Sheet

Bobby-tables.com's guide to preventing SQLi in almost every language

OWASP's SQL Prevention Cheatsheet

SQLMap Cheatsheet

SQLMap Cheatsheet

Tools

NoSQLMap

Link to various cheatsheets

Cheatsheets

preeny - Some helpful preload libraries for pwning stuff.

ClickJacking PoC

XSS

retire.js - discover vulnerable js versions

casperXSS - Reflective/DOM XSS

XSS Payloads - Payloads for using

HTML 5

HTML5 Security Cheatsheet

Mobile

iOS

idb

iRet

Android

Exploits

exploit-database

https://github.com/PenturaLabs/Linux_Exploit_Suggester

Pwnwiki - Post Exploitation Steps

Analysis

pipal - password analyser

Fuzzing

List of 'naughty' strings

AFL fuzzer

Misc

Other lists

Awesome-Security