= Infosec super-thread =
A big part of my presos is tools/resources I like for offensive security & bug hunting.
Here's a thread of "PRINT" resources cited in the Bug Hunter's Methodology Application Analysis v1
docs.google.com
a 🧵
#bugbountytips #Pentesting
1/x
The Web Application Hacker's Handbook is a pre-requisite for all web assessments. Do not sleep on it due to publish date. It remains the 👑 book for web assessment.
amazon.com
by @DafyddStuttard & Marcus Pinto @MDSecLabs
2/x
The next print resource is @yaworsk's Real-World Bug Hunting:
amazon.com
This is a great supplement to the above WAHH. It has so many great explanations and examples of real bugs to study.
3/x
Next:
(free) The @owasp Testing Guide and the OWASP ASVS (Application Security Verification Standard) are both great semi-print projects to guide and supplement web application assessment folk in their approach.
owasp.org
owasp.org
4/x
A newer resource that both benefits security testers AND bug hunters is @vickieli7's "Bug Bounty Bootcamp"
amazon.com
An excellent zero-to-hero print resource for web security.
5/x
The Hacker's Playbook (1 & 2 & 3) give practical command line and contextual information from the field.
amazon.com
These are great references to have on the shelf and encompass web and network testing.
@hackerplaybook
6/x
Breaking into Information Security by @ZephrFish is a great meta resource not only covering tech skills but also soft skills for new people entering the field:
leanpub.com
7/x
Hands on Hacking has an encompassing view of what day-to-day security testing might look like, including reporting 😅 While some techniques are now dated, still a great resource.
amazon.com
8/x
The Bug Bounty Playbook (1 & 2) by Alex Thomas (@ghostlulz1337) are excellent references and collections of tips and tricks. Very similar to many of my talks. A great modern desk reference.
payhip.com
payhip.com
9/x
That's all the semi-PRINT/Book resources I like the best.
What are yours? 🤔
Look out for the next thread covering PRACTICE targets for testing to get your skills 💪
10/x
a NEW one I missed because it was later in the talk,
Corey Ball's (@hAPI_hacker)
Hacking APIs - Breaking Web Application Programming Interfaces
nostarch.com
I'm really enjoying this one so far!
12/x