From 3967b67e7373419cda250d286fbfb2687c08b6e6 Mon Sep 17 00:00:00 2001 From: mazzma12 Date: Thu, 5 May 2022 16:35:54 +0200 Subject: [PATCH 1/2] Add mention of Crowdsec in README --- README.md | 203 ++++++++++++++++++++++++++++-------------------------- 1 file changed, 105 insertions(+), 98 deletions(-) diff --git a/README.md b/README.md index d5e072b..8397605 100644 --- a/README.md +++ b/README.md 
@@ -18,104 +18,110 @@ If you enjoy this awesome list and would like to support it, check out my [Patre ## Contents -- [Digests](#digests) -- [Forums](#forums) -- [Introduction](#intro) - - [XSS](#xss---cross-site-scripting) - - [Prototype Pollution](#prototype-pollution) - - [CSV Injection](#csv-injection) - - [SQL Injection](#sql-injection) - - [Command Injection](#command-injection) - - [ORM Injection](#orm-injection) - - [FTP Injection](#ftp-injection) - - [XXE](#xxe---xml-external-entity) - - [CSRF](#csrf---cross-site-request-forgery) - - [Clickjacking](#clickjacking) - - [SSRF](#ssrf---server-side-request-forgery) - - [Web Cache Poisoning](#web-cache-poisoning) - - [Relative Path Overwrite](#relative-path-overwrite) - - [Open Redirect](#open-redirect) - - [SAML](#saml) - - [Upload](#upload) - - [Rails](#rails) - - [AngularJS](#angularjs) - - [ReactJS](#reactjs) - - [SSL/TLS](#ssltls) - - [Webmail](#webmail) - - [NFS](#nfs) - - [AWS](#aws) - - [Azure](#azure) - - [Fingerprint](#fingerprint) - - [Sub Domain Enumeration](#sub-domain-enumeration) - - [Crypto](#crypto) - - [Web Shell](#web-shell) - - [OSINT](#osint) - - [DNS Rebinding](#dns-rebinding) - - [Deserialization](#deserialization) - - [OAuth](#oauth) - - [JWT](#jwt) -- [Evasions](#evasions) - - [XXE](#evasions-xxe) - - [CSP](#evasions-csp) - - [WAF](#evasions-waf) - - [JSMVC](#evasions-jsmvc) - - [Authentication](#evasions-authentication) -- [Tricks](#tricks) - - [CSRF](#tricks-csrf) - - [Clickjacking](#tricks-clickjacking) - - [Remote Code Execution](#tricks-rce) - - [XSS](#tricks-xss) - - [SQL Injection](#tricks-sql-injection) - - [NoSQL Injection](#tricks-nosql-injection) - - [FTP Injection](#tricks-ftp-injection) - - [XXE](#tricks-xxe) - - [SSRF](#tricks-ssrf) - - [Web Cache Poisoning](#tricks-web-cache-poisoning) - - [Header Injection](#tricks-header-injection) - - [URL](#tricks-url) - - [Deserialization](#tricks-deserialization) - - [OAuth](#tricks-oauth) - - [Others](#tricks-others) -- [Browser 
Exploitation](#browser-exploitation) -- [PoCs](#pocs) - - [Database](#pocs-database) -- [Cheetsheets](#cheetsheets) -- [Tools](#tools) - - [Auditing](#tools-auditing) - - [Command Injection](#tools-command-injection) - - [Reconnaissance](#tools-reconnaissance) - - [OSINT](#tools-osint) - - [Sub Domain Enumeration](#tools-sub-domain-enumeration) - - [Code Generating](#tools-code-generating) - - [Fuzzing](#tools-fuzzing) - - [Scanning](#tools-scanning) - - [Penetration Testing](#tools-penetration-testing) - - [Leaking](#tools-leaking) - - [Offensive](#tools-offensive) - - [XSS](#tools-xss) - - [SQL Injection](#tools-sql-injection) - - [Template Injection](#tools-template-injection) - - [XXE](#tools-xxe) - - [CSRF](#tools-csrf) - - [SSRF](#tools-ssrf) - - [Detecting](#tools-detecting) - - [Preventing](#tools-preventing) - - [Proxy](#tools-proxy) - - [Webshell](#tools-webshell) - - [Disassembler](#tools-disassembler) - - [Decompiler](#tools-decompiler) - - [DNS Rebinding](#tools-dns-rebinding) - - [Others](#tools-others) -- [Social Engineering Database](#social-engineering-database) -- [Blogs](#blogs) -- [Twitter Users](#twitter-users) -- [Practices](#practices) - - [Application](#practices-application) - - [AWS](#practices-aws) - - [XSS](#practices-xss) - - [ModSecurity / OWASP ModSecurity Core Rule Set](#practices-modsecurity) -- [Community](#community) -- [Miscellaneous](#miscellaneous) +- [Awesome Web Security ![Awesome](https://github.com/sindresorhus/awesome)](#awesome-web-security-) + - [Contents](#contents) + - [Digests](#digests) + - [Forums](#forums) + - [Introduction](#introduction) + - [XSS - Cross-Site Scripting](#xss---cross-site-scripting) + - [Prototype Pollution](#prototype-pollution) + - [CSV Injection](#csv-injection) + - [SQL Injection](#sql-injection) + - [Command Injection](#command-injection) + - [ORM Injection](#orm-injection) + - [FTP Injection](#ftp-injection) + - [XXE - XML eXternal Entity](#xxe---xml-external-entity) + - [CSRF - Cross-Site 
Request Forgery](#csrf---cross-site-request-forgery) + - [Clickjacking](#clickjacking) + - [SSRF - Server-Side Request Forgery](#ssrf---server-side-request-forgery) + - [Web Cache Poisoning](#web-cache-poisoning) + - [Relative Path Overwrite](#relative-path-overwrite) + - [Open Redirect](#open-redirect) + - [Security Assertion Markup Language (SAML)](#security-assertion-markup-language-saml) + - [Upload](#upload) + - [Rails](#rails) + - [AngularJS](#angularjs) + - [ReactJS](#reactjs) + - [SSL/TLS](#ssltls) + - [Webmail](#webmail) + - [NFS](#nfs) + - [AWS](#aws) + - [Azure](#azure) + - [Fingerprint](#fingerprint) + - [Sub Domain Enumeration](#sub-domain-enumeration) + - [Crypto](#crypto) + - [Web Shell](#web-shell) + - [OSINT](#osint) + - [DNS Rebinding](#dns-rebinding) + - [Deserialization](#deserialization) + - [OAuth](#oauth) + - [JWT](#jwt) + - [Evasions](#evasions) + - [XXE](#xxe) + - [CSP](#csp) + - [WAF](#waf) + - [JSMVC](#jsmvc) + - [Authentication](#authentication) + - [Tricks](#tricks) + - [CSRF](#csrf) + - [Clickjacking](#clickjacking-1) + - [Remote Code Execution](#remote-code-execution) + - [XSS](#xss) + - [SQL Injection](#sql-injection-1) + - [NoSQL Injection](#nosql-injection) + - [FTP Injection](#ftp-injection-1) + - [XXE](#xxe-1) + - [SSRF](#ssrf) + - [Web Cache Poisoning](#web-cache-poisoning-1) + - [Header Injection](#header-injection) + - [URL](#url) + - [Deserialization](#deserialization-1) + - [OAuth](#oauth-1) + - [Others](#others) + - [Browser Exploitation](#browser-exploitation) + - [Frontend (like SOP bypass, URL spoofing, and something like that)](#frontend-like-sop-bypass-url-spoofing-and-something-like-that) + - [Backend (core of Browser implementation, and often refers to C or C++ part)](#backend-core-of-browser-implementation-and-often-refers-to-c-or-c-part) + - [PoCs](#pocs) + - [Database](#database) + - [Cheetsheets](#cheetsheets) + - [Tools](#tools) + - [Auditing](#auditing) + - [Command Injection](#command-injection-1) + - 
[Reconnaissance](#reconnaissance) + - [OSINT - Open-Source Intelligence](#osint---open-source-intelligence) + - [Sub Domain Enumeration](#sub-domain-enumeration-1) + - [Code Generating](#code-generating) + - [Fuzzing](#fuzzing) + - [Scanning](#scanning) + - [Penetration Testing](#penetration-testing) + - [Offensive](#offensive) + - [XSS - Cross-Site Scripting](#xss---cross-site-scripting-1) + - [SQL Injection](#sql-injection-2) + - [Template Injection](#template-injection) + - [XXE](#xxe-2) + - [Cross Site Request Forgery](#cross-site-request-forgery) + - [Server-Side Request Forgery](#server-side-request-forgery) + - [Leaking](#leaking) + - [Detecting](#detecting) + - [Preventing](#preventing) + - [Proxy](#proxy) + - [Webshell](#webshell) + - [Disassembler](#disassembler) + - [Decompiler](#decompiler) + - [DNS Rebinding](#dns-rebinding-1) + - [Others](#others-1) + - [Social Engineering Database](#social-engineering-database) + - [Blogs](#blogs) + - [Twitter Users](#twitter-users) + - [Practices](#practices) + - [Application](#application) + - [AWS](#aws-1) + - [XSS](#xss-1) + - [ModSecurity / OWASP ModSecurity Core Rule Set](#modsecurity--owasp-modsecurity-core-rule-set) + - [Community](#community) + - [Miscellaneous](#miscellaneous) + - [Code of Conduct](#code-of-conduct) + - [License](#license) ## Digests 
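Review bot: The Contents rewrite in this hunk trades stable named anchors for order-dependent GitHub slugs and has nothing to do with the commit subject ("Add mention of Crowdsec in README"), so it should be split out or dropped. The deleted entries link to explicit anchors such as `#evasions-xxe`, `#tricks-xxe` and `#tools-xxe`; the added ones use `#xxe`, `#xxe-1` and `#xxe-2` (likewise `#others`/`#others-1`, `#sql-injection-1`/`#sql-injection-2`), which GitHub derives from heading order, so inserting or reordering any section later silently repoints these links. The new list also starts with the page title and with itself (`- [Awesome Web Security ![Awesome](...)](#awesome-web-security-)` followed by `- [Contents](#contents)`) and indents every real entry one level deeper, which looks like an editor's auto-generated TOC rather than an intended change. If the regeneration is kept, each new slug needs to be checked against the actual headings in README.md; the old `#intro` target suggests the headings carry custom anchors rather than auto-slugs.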
@@ -735,6 +741,7 @@ If you enjoy this awesome list and would like to support it, check out my [Patre ### Preventing +- [CrowdSec](https://github.com/crowdsecurity/crowdsec) A next-gen collaborative IPS, written in Go, able to analyze visitor behavior & provide an adapted response to all kinds of attacks. Users can share their alerts about threats with the community and benefit from the network effect. - [DOMPurify](https://github.com/cure53/DOMPurify) - DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG by [Cure53](https://cure53.de/). - [js-xss](https://github.com/leizongmin/js-xss) - Sanitize untrusted HTML (to prevent XSS) with a configuration specified by a Whitelist by [@leizongmin](https://github.com/leizongmin). - [Acra](https://github.com/cossacklabs/acra) - Client-side encryption engine for SQL databases, with strong selective encryption, SQL injections prevention and intrusion detection by [@cossacklabs](https://www.cossacklabs.com/). From 92baea3898905a4b2452a90c3a5996b690c49b3e Mon Sep 17 00:00:00 2001 From: mazzma12 Date: Thu, 5 May 2022 16:36:28 +0200 Subject: [PATCH 2/2] Add mention of Crowdsec in README other languages --- README-jp.md | 203 ++++++++++++++++++++++++++------------------------- README-zh.md | 203 ++++++++++++++++++++++++++------------------------- 2 files changed, 210 insertions(+), 196 deletions(-) diff --git a/README-jp.md b/README-jp.md index ba555ae..813013d 100644 --- a/README-jp.md +++ b/README-jp.md 
@@ -18,104 +18,110 @@ If you enjoy this awesome list and would like to support it, check out my [Patre ## Contents -- [Digests](#digests) -- [Forums](#forums) -- [Introduction](#intro) - - [XSS](#xss---cross-site-scripting) - - [Prototype Pollution](#prototype-pollution) - - [CSV Injection](#csv-injection) - - [SQL Injection](#sql-injection) - - [Command Injection](#command-injection) - - [ORM Injection](#orm-injection) - - [FTP Injection](#ftp-injection) - - [XXE](#xxe---xml-external-entity) - - [CSRF](#csrf---cross-site-request-forgery) - - [Clickjacking](#clickjacking) - - [SSRF](#ssrf---server-side-request-forgery) - - [Web Cache Poisoning](#web-cache-poisoning) - - [Relative Path Overwrite](#relative-path-overwrite) - - [Open Redirect](#open-redirect) - - [SAML](#saml) - - [Upload](#upload) - - [Rails](#rails) - - [AngularJS](#angularjs) - - [ReactJS](#reactjs) - - [SSL/TLS](#ssltls) - - [Webmail](#webmail) - - [NFS](#nfs) - - [AWS](#aws) - - [Azure](#azure) - - [Fingerprint](#fingerprint) - - [Sub Domain Enumeration](#sub-domain-enumeration) - - [Crypto](#crypto) - - [Web Shell](#web-shell) - - [OSINT](#osint) - - [DNS Rebinding](#dns-rebinding) - - [Deserialization](#deserialization) - - [OAuth](#oauth) - - [JWT](#jwt) -- [Evasions](#evasions) - - [XXE](#evasions-xxe) - - [CSP](#evasions-csp) - - [WAF](#evasions-waf) - - [JSMVC](#evasions-jsmvc) - - [Authentication](#evasions-authentication) -- [Tricks](#tricks) - - [CSRF](#tricks-csrf) - - [Clickjacking](#tricks-clickjacking) - - [Remote Code Execution](#tricks-rce) - - [XSS](#tricks-xss) - - [SQL Injection](#tricks-sql-injection) - - [NoSQL Injection](#tricks-nosql-injection) - - [FTP Injection](#tricks-ftp-injection) - - [XXE](#tricks-xxe) - - [SSRF](#tricks-ssrf) - - [Web Cache Poisoning](#tricks-web-cache-poisoning) - - [Header Injection](#tricks-header-injection) - - [URL](#tricks-url) - - [Deserialization](#tricks-deserialization) - - [OAuth](#tricks-oauth) - - [Others](#tricks-others) -- [Browser 
Exploitation](#browser-exploitation) -- [PoCs](#pocs) - - [Database](#pocs-database) -- [Cheetsheets](#cheetsheets) -- [Tools](#tools) - - [Auditing](#tools-auditing) - - [Command Injection](#tools-command-injection) - - [Reconnaissance](#tools-reconnaissance) - - [OSINT](#tools-osint) - - [Sub Domain Enumeration](#tools-sub-domain-enumeration) - - [Code Generating](#tools-code-generating) - - [Fuzzing](#tools-fuzzing) - - [Scanning](#tools-scanning) - - [Penetration Testing](#tools-penetration-testing) - - [Leaking](#tools-leaking) - - [Offensive](#tools-offensive) - - [XSS](#tools-xss) - - [SQL Injection](#tools-sql-injection) - - [Template Injection](#tools-template-injection) - - [XXE](#tools-xxe) - - [CSRF](#tools-csrf) - - [SSRF](#tools-ssrf) - - [Detecting](#tools-detecting) - - [Preventing](#tools-preventing) - - [Proxy](#tools-proxy) - - [Webshell](#tools-webshell) - - [Disassembler](#tools-disassembler) - - [Decompiler](#tools-decompiler) - - [DNS Rebinding](#tools-dns-rebinding) - - [Others](#tools-others) -- [Social Engineering Database](#social-engineering-database) -- [Blogs](#blogs) -- [Twitter Users](#twitter-users) -- [Practices](#practices) - - [Application](#practices-application) - - [AWS](#practices-aws) - - [XSS](#practices-xss) - - [ModSecurity / OWASP ModSecurity Core Rule Set](#practices-modsecurity) -- [Community](#community) -- [Miscellaneous](#miscellaneous) +- [Awesome Web Security - JP ![Awesome](https://github.com/sindresorhus/awesome)](#awesome-web-security---jp-) + - [Contents](#contents) + - [Digests](#digests) + - [Forums](#forums) + - [Introduction](#introduction) + - [XSS - Cross-Site Scripting](#xss---cross-site-scripting) + - [Prototype Pollution](#prototype-pollution) + - [CSV Injection](#csv-injection) + - [SQL Injection](#sql-injection) + - [Command Injection](#command-injection) + - [ORM Injection](#orm-injection) + - [FTP Injection](#ftp-injection) + - [XXE - XML eXternal Entity](#xxe---xml-external-entity) + - [CSRF - 
Cross-Site Request Forgery](#csrf---cross-site-request-forgery) + - [Clickjacking](#clickjacking) + - [SSRF - Server-Side Request Forgery](#ssrf---server-side-request-forgery) + - [Web Cache Poisoning](#web-cache-poisoning) + - [Relative Path Overwrite](#relative-path-overwrite) + - [Open Redirect](#open-redirect) + - [Security Assertion Markup Language (SAML)](#security-assertion-markup-language-saml) + - [Upload](#upload) + - [Rails](#rails) + - [AngularJS](#angularjs) + - [ReactJS](#reactjs) + - [SSL/TLS](#ssltls) + - [Webmail](#webmail) + - [NFS](#nfs) + - [AWS](#aws) + - [Azure](#azure) + - [Fingerprint](#fingerprint) + - [Sub Domain Enumeration](#sub-domain-enumeration) + - [Crypto](#crypto) + - [Web Shell](#web-shell) + - [OSINT](#osint) + - [DNS Rebinding](#dns-rebinding) + - [Deserialization](#deserialization) + - [OAuth](#oauth) + - [JWT](#jwt) + - [Evasions](#evasions) + - [XXE](#xxe) + - [CSP](#csp) + - [WAF](#waf) + - [JSMVC](#jsmvc) + - [Authentication](#authentication) + - [Tricks](#tricks) + - [CSRF](#csrf) + - [Clickjacking](#clickjacking-1) + - [Remote Code Execution](#remote-code-execution) + - [XSS](#xss) + - [SQL Injection](#sql-injection-1) + - [NoSQL Injection](#nosql-injection) + - [FTP Injection](#ftp-injection-1) + - [XXE](#xxe-1) + - [SSRF](#ssrf) + - [Web Cache Poisoning](#web-cache-poisoning-1) + - [Header Injection](#header-injection) + - [URL](#url) + - [Deserialization](#deserialization-1) + - [OAuth](#oauth-1) + - [Others](#others) + - [Browser Exploitation](#browser-exploitation) + - [Frontend (like SOP bypass, URL spoofing, and something like that)](#frontend-like-sop-bypass-url-spoofing-and-something-like-that) + - [Backend (core of Browser implementation, and often refers to C or C++ part)](#backend-core-of-browser-implementation-and-often-refers-to-c-or-c-part) + - [PoCs](#pocs) + - [Database](#database) + - [Cheetsheets](#cheetsheets) + - [Tools](#tools) + - [Auditing](#auditing) + - [Command Injection](#command-injection-1) + 
- [Reconnaissance](#reconnaissance) + - [OSINT - Open-Source Intelligence](#osint---open-source-intelligence) + - [Sub Domain Enumeration](#sub-domain-enumeration-1) + - [Code Generating](#code-generating) + - [Fuzzing](#fuzzing) + - [Scanning](#scanning) + - [Penetration Testing](#penetration-testing) + - [Offensive](#offensive) + - [XSS - Cross-Site Scripting](#xss---cross-site-scripting-1) + - [SQL Injection](#sql-injection-2) + - [Template Injection](#template-injection) + - [XXE](#xxe-2) + - [Cross Site Request Forgery](#cross-site-request-forgery) + - [Server-Side Request Forgery](#server-side-request-forgery) + - [Leaking](#leaking) + - [Detecting](#detecting) + - [Preventing](#preventing) + - [Proxy](#proxy) + - [Webshell](#webshell) + - [Disassembler](#disassembler) + - [Decompiler](#decompiler) + - [DNS Rebinding](#dns-rebinding-1) + - [Others](#others-1) + - [Social Engineering Database](#social-engineering-database) + - [Blogs](#blogs) + - [Twitter Users](#twitter-users) + - [Practices](#practices) + - [Application](#application) + - [AWS](#aws-1) + - [XSS](#xss-1) + - [ModSecurity / OWASP ModSecurity Core Rule Set](#modsecurity--owasp-modsecurity-core-rule-set) + - [Community](#community) + - [Miscellaneous](#miscellaneous) + - [Code of Conduct](#code-of-conduct) + - [License](#license) ## Digests 
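Review bot: Same issue as the README.md Contents hunk: the named anchors (`#evasions-xxe`, `#tricks-xxe`, `#tools-xxe`) become order-dependent slugs (`#xxe`, `#xxe-1`, `#xxe-2`) and the list now links to the title and to itself (`- [Awesome Web Security - JP ![Awesome](...)](#awesome-web-security---jp-)`, `- [Contents](#contents)`). Since README-jp.md is a separate translation, the regenerated slugs have to be verified against this file's own headings, not README.md's; suggest leaving this Contents block out of a commit whose subject is the CrowdSec mention.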
@@ -741,6 +747,7 @@ If you enjoy this awesome list and would like to support it, check out my [Patre ### Preventing +- [CrowdSec](https://github.com/crowdsecurity/crowdsec) A next-gen collaborative IPS, written in Go, able to analyze visitor behavior & provide an adapted response to all kinds of attacks. Users can share their alerts about threats with the community and benefit from the network effect. - [DOMPurify](https://github.com/cure53/DOMPurify) - DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG by [Cure53](https://cure53.de/). - [js-xss](https://github.com/leizongmin/js-xss) - Sanitize untrusted HTML (to prevent XSS) with a configuration specified by a Whitelist by [@leizongmin](https://github.com/leizongmin). - [Acra](https://github.com/cossacklabs/acra) - Client-side encryption engine for SQL databases, with strong selective encryption, SQL injections prevention and intrusion detection by [@cossacklabs](https://www.cossacklabs.com/). diff --git a/README-zh.md b/README-zh.md index 86dfa05..818cb40 100644 --- a/README-zh.md +++ b/README-zh.md 
@@ -18,104 +18,110 @@ If you enjoy this awesome list and would like to support it, check out my [Patre ## Contents -- [Digests](#digests) -- [Forums](#forums) -- [Introduction](#intro) - - [XSS](#xss---cross-site-scripting) - - [Prototype Pollution](#prototype-pollution) - - [CSV Injection](#csv-injection) - - [SQL Injection](#sql-injection) - - [Command Injection](#command-injection) - - [ORM Injection](#orm-injection) - - [FTP Injection](#ftp-injection) - - [XXE](#xxe---xml-external-entity) - - [CSRF](#csrf---cross-site-request-forgery) - - [Clickjacking](#clickjacking) - - [SSRF](#ssrf---server-side-request-forgery) - - [Web Cache Poisoning](#web-cache-poisoning) - - [Relative Path Overwrite](#relative-path-overwrite) - - [Open Redirect](#open-redirect) - - [SAML](#saml) - - [Upload](#upload) - - [Rails](#rails) - - [AngularJS](#angularjs) - - [ReactJS](#reactjs) - - [SSL/TLS](#ssltls) - - [Webmail](#webmail) - - [NFS](#nfs) - - [AWS](#aws) - - [Azure](#azure) - - [Fingerprint](#fingerprint) - - [Sub Domain Enumeration](#sub-domain-enumeration) - - [Crypto](#crypto) - - [Web Shell](#web-shell) - - [OSINT](#osint) - - [DNS Rebinding](#dns-rebinding) - - [Deserialization](#deserialization) - - [OAuth](#oauth) - - [JWT](#jwt) -- [Evasions](#evasions) - - [XXE](#evasions-xxe) - - [CSP](#evasions-csp) - - [WAF](#evasions-waf) - - [JSMVC](#evasions-jsmvc) - - [Authentication](#evasions-authentication) -- [Tricks](#tricks) - - [CSRF](#tricks-csrf) - - [Clickjacking](#tricks-clickjacking) - - [Remote Code Execution](#tricks-rce) - - [XSS](#tricks-xss) - - [SQL Injection](#tricks-sql-injection) - - [NoSQL Injection](#tricks-nosql-injection) - - [FTP Injection](#tricks-ftp-injection) - - [XXE](#tricks-xxe) - - [SSRF](#tricks-ssrf) - - [Web Cache Poisoning](#tricks-web-cache-poisoning) - - [Header Injection](#tricks-header-injection) - - [URL](#tricks-url) - - [Deserialization](#tricks-deserialization) - - [OAuth](#tricks-oauth) - - [Others](#tricks-others) -- [Browser 
Exploitation](#browser-exploitation) -- [PoCs](#pocs) - - [Database](#pocs-database) -- [Cheetsheets](#cheetsheets) -- [Tools](#tools) - - [Auditing](#tools-auditing) - - [Command Injection](#tools-command-injection) - - [Reconnaissance](#tools-reconnaissance) - - [OSINT](#tools-osint) - - [Sub Domain Enumeration](#tools-sub-domain-enumeration) - - [Code Generating](#tools-code-generating) - - [Fuzzing](#tools-fuzzing) - - [Scanning](#tools-scanning) - - [Penetration Testing](#tools-penetration-testing) - - [Leaking](#tools-leaking) - - [Offensive](#tools-offensive) - - [XSS](#tools-xss) - - [SQL Injection](#tools-sql-injection) - - [Template Injection](#tools-template-injection) - - [XXE](#tools-xxe) - - [CSRF](#tools-csrf) - - [SSRF](#tools-ssrf) - - [Detecting](#tools-detecting) - - [Preventing](#tools-preventing) - - [Proxy](#tools-proxy) - - [Webshell](#tools-webshell) - - [Disassembler](#tools-disassembler) - - [Decompiler](#tools-decompiler) - - [DNS Rebinding](#tools-dns-rebinding) - - [Others](#tools-others) -- [Social Engineering Database](#social-engineering-database) -- [Blogs](#blogs) -- [Twitter Users](#twitter-users) -- [Practices](#practices) - - [Application](#practices-application) - - [AWS](#practices-aws) - - [XSS](#practices-xss) - - [ModSecurity / OWASP ModSecurity Core Rule Set](#practices-modsecurity) -- [Community](#community) -- [Miscellaneous](#miscellaneous) +- [Awesome Web Security - ZH ![Awesome](https://github.com/sindresorhus/awesome)](#awesome-web-security---zh-) + - [Contents](#contents) + - [Digests](#digests) + - [Forums](#forums) + - [Introduction](#introduction) + - [XSS - Cross-Site Scripting](#xss---cross-site-scripting) + - [Prototype Pollution](#prototype-pollution) + - [CSV Injection](#csv-injection) + - [SQL Injection](#sql-injection) + - [Command Injection](#command-injection) + - [ORM Injection](#orm-injection) + - [FTP Injection](#ftp-injection) + - [XXE - XML eXternal Entity](#xxe---xml-external-entity) + - [CSRF - 
Cross-Site Request Forgery](#csrf---cross-site-request-forgery) + - [Clickjacking](#clickjacking) + - [SSRF - Server-Side Request Forgery](#ssrf---server-side-request-forgery) + - [Web Cache Poisoning](#web-cache-poisoning) + - [Relative Path Overwrite](#relative-path-overwrite) + - [Open Redirect](#open-redirect) + - [Security Assertion Markup Language (SAML)](#security-assertion-markup-language-saml) + - [Upload](#upload) + - [Rails](#rails) + - [AngularJS](#angularjs) + - [ReactJS](#reactjs) + - [SSL/TLS](#ssltls) + - [Webmail](#webmail) + - [NFS](#nfs) + - [AWS](#aws) + - [Azure](#azure) + - [Fingerprint](#fingerprint) + - [Sub Domain Enumeration](#sub-domain-enumeration) + - [Crypto](#crypto) + - [Web Shell](#web-shell) + - [OSINT](#osint) + - [DNS Rebinding](#dns-rebinding) + - [Deserialization](#deserialization) + - [OAuth](#oauth) + - [JWT](#jwt) + - [Evasions](#evasions) + - [XXE](#xxe) + - [CSP](#csp) + - [WAF](#waf) + - [JSMVC](#jsmvc) + - [Authentication](#authentication) + - [Tricks](#tricks) + - [CSRF](#csrf) + - [Clickjacking](#clickjacking-1) + - [Remote Code Execution](#remote-code-execution) + - [XSS](#xss) + - [SQL Injection](#sql-injection-1) + - [NoSQL Injection](#nosql-injection) + - [FTP Injection](#ftp-injection-1) + - [XXE](#xxe-1) + - [SSRF](#ssrf) + - [Web Cache Poisoning](#web-cache-poisoning-1) + - [Header Injection](#header-injection) + - [URL](#url) + - [Deserialization](#deserialization-1) + - [OAuth](#oauth-1) + - [Others](#others) + - [Browser Exploitation](#browser-exploitation) + - [Frontend (like SOP bypass, URL spoofing, and something like that)](#frontend-like-sop-bypass-url-spoofing-and-something-like-that) + - [Backend (core of Browser implementation, and often refers to C or C++ part)](#backend-core-of-browser-implementation-and-often-refers-to-c-or-c-part) + - [PoCs](#pocs) + - [Database](#database) + - [Cheetsheets](#cheetsheets) + - [Tools](#tools) + - [Auditing](#auditing) + - [Command Injection](#command-injection-1) + 
- [Reconnaissance](#reconnaissance) + - [OSINT - Open-Source Intelligence](#osint---open-source-intelligence) + - [Sub Domain Enumeration](#sub-domain-enumeration-1) + - [Code Generating](#code-generating) + - [Fuzzing](#fuzzing) + - [Scanning](#scanning) + - [Penetration Testing](#penetration-testing) + - [Offensive](#offensive) + - [XSS - Cross-Site Scripting](#xss---cross-site-scripting-1) + - [SQL Injection](#sql-injection-2) + - [Template Injection](#template-injection) + - [XXE](#xxe-2) + - [Cross Site Request Forgery](#cross-site-request-forgery) + - [Server-Side Request Forgery](#server-side-request-forgery) + - [Leaking](#leaking) + - [Detecting](#detecting) + - [Preventing](#preventing) + - [Proxy](#proxy) + - [Webshell](#webshell) + - [Disassembler](#disassembler) + - [Decompiler](#decompiler) + - [DNS Rebinding](#dns-rebinding-1) + - [Others](#others-1) + - [Social Engineering Database](#social-engineering-database) + - [Blogs](#blogs) + - [Twitter Users](#twitter-users) + - [Practices](#practices) + - [Application](#application) + - [AWS](#aws-1) + - [XSS](#xss-1) + - [ModSecurity / OWASP ModSecurity Core Rule Set](#modsecurity--owasp-modsecurity-core-rule-set) + - [Community](#community) + - [Miscellaneous](#miscellaneous) + - [Code of Conduct](#code-of-conduct) + - [License](#license) ## Digests 
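Review bot: Third hand-pasted copy of the same Contents regeneration, with the same order-dependent slugs and the same self-link (`#awesome-web-security---zh-`, `- [Contents](#contents)`); three 100-line TOCs maintained by copy and paste are exactly what drifts apart over time. Either leave the Contents blocks untouched in this PR or regenerate all three from one script in a dedicated commit, with the slugs verified against README-zh.md's own headings.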
@@ -788,6 +794,7 @@ If you enjoy this awesome list and would like to support it, check out my [Patre ### Preventing +- [CrowdSec](https://github.com/crowdsecurity/crowdsec) A next-gen collaborative IPS, written in Go, able to analyze visitor behavior & provide an adapted response to all kinds of attacks. Users can share their alerts about threats with the community and benefit from the network effect. - [DOMPurify](https://github.com/cure53/DOMPurify) - DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG by [Cure53](https://cure53.de/). - [js-xss](https://github.com/leizongmin/js-xss) - Sanitize untrusted HTML (to prevent XSS) with a configuration specified by a Whitelist by [@leizongmin](https://github.com/leizongmin). - [Acra](https://github.com/cossacklabs/acra) - Client-side encryption engine for SQL databases, with strong selective encryption, SQL injections prevention and intrusion detection by [@cossacklabs](https://www.cossacklabs.com/).
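Review bot: The new CrowdSec line (added identically here and in the README.md and README-jp.md Preventing hunks) breaks the list's entry format: every neighbouring item follows `[Name](url) - description by [author](url).`, but this one has no ` - ` separator after the link and no `by [...]` attribution (compare `- [DOMPurify](https://github.com/cure53/DOMPurify) - DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG by [Cure53](https://cure53.de/).`). The description also reads as vendor copy: `next-gen` carries no information, and `provide an adapted response to all kinds of attacks` overstates what a behavior-analysis IPS can do. Suggest something like `- [CrowdSec](https://github.com/crowdsecurity/crowdsec) - Collaborative intrusion prevention system written in Go that analyzes visitor behavior, responds to detected attackers, and lets users share alerts with the community by [@crowdsecurity](https://github.com/crowdsecurity).`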