A collection of research papers, checklists, cheatsheets, best practices, blogs, software, libraries, documents, books, resources and tons of cool stuff about bug hunting and security research.
Inspired by worldwide security researchers.
Thanks to all contributors.
Getting Started
How to Become a Bug Bounty Hunter
Researcher Resources - How to become a Bug Bounty Hunter
Bug Bounties 101
The life of a bug bounty hunter
Bug Bounty Cheatsheets
https://github.com/EdOverflow/bugbounty-cheatsheet
http://n0p.net/penguicon/php_app_sec/mirror/xss.html - XSS cheatsheet
https://highon.coffee/blog/lfi-cheat-sheet - LFI Cheat Sheet
https://highon.coffee/blog/reverse-shell-cheat-sheet - Reverse Shell Cheat Sheet
https://www.netsparker.com/blog/web-security/sql-injection-cheat-sheet - SQL Injection Cheat Sheet
https://www.gracefulsecurity.com/path-traversal-cheat-sheet-windows - Path Traversal Cheat Sheet: Windows
Getting Started - Bug Bounty Hunter Methodology
https://jasonhaddix.com/the-bug-hunters-methodology-2-0
https://blog.bugcrowd.com/getting-started-bug-bounty-hunter-methodology
https://media.rootcon.org/ROOTCON%2011/Trainings/The%20Bug%20Hunters%20Methodology%202.pdf
https://docs.google.com/presentation/d/1p8QiqbGndcEx1gm4_d3ne2fqeTqCTurTC77Lxe82zLY/edit#slide=id.p
Writing Successful Bug Submissions – Bug Bounty Hunter Methodology
https://researcherdocs.bugcrowd.com/docs/reporting-a-bug-old
https://www.bugcrowd.com/writing-successful-bug-submissions-bug-bounty-hunter-methodology
Bug Bounty Programs
Platforms List
https://www.bugcrowd.com
https://www.hackerone.com
https://www.synack.com
Write Ups & Authors
sakurity.com/blog - by Egor Homakov
respectxss.blogspot.in - by Ashar Javed
cliffordtrigo.info - by Clifford Trigo
websecresearch.in - by AN
stephensclafani.com - by Stephen Sclafani
sasi2103.blogspot.co.il - by Sasi Levi
pwnsecurity.net - by Shashank
breaksec.com - by Nir Goldshlager
pwndizzle.blogspot.in - by Alex Davies
c0rni3sm.blogspot.in - by yappare
exploit.co.il/blog - by Shai Rod
ibreak.software - by Riyaz Ahemed Walikar
panchocosil.blogspot.in - by Francisco Correa
securitylearn.net - by Satish Bommisetty
secinfinity.net - by Prakash Sharma
websecuritylog.com - by Jitendra Jaiswal
medium.com/@ajdumanhug - by Allan Jay Dumanhug
Video Tutorials for Web Applications Pen-Testing & Web Services Pen-Testing
http://www.irongeek.com/i.php?page=videos%2Fweb-application-pen-testing-tutorials-with-mutillidae
http://webappsecmovies.sourceforge.net/webgoat
http://www.irongeek.com/i.php?page=security%2Fhackingillustrated
http://citylan.dl.sourceforge.net/project/webappsecmovies/web/webgoat/%5B20130604%5D%20Complete-Webgoat-Training-Movies--by-YGN-Ethical-Hacker-Group_Myanmar.zip
Free Information Security Certifications
https://www.cybrary.it
Security Testing Guides
https://www.owasp.org/images/5/56/OWASP_Testing_Guide_v3.pdf
http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202013.pdf
https://www.owasp.org/images/0/0f/OWASP_T10_-_2010_rc1.pdf
http://owasptop10.googlecode.com/files/OWASP_Top-10_2013%20-%20Presentation.pptx
Resources for Insecure Direct Object Reference Vulnerability
https://www.owasp.org/index.php/Top_10_2013-A4-Insecure_Direct_Object_References
https://www.owasp.org/index.php/Insecure_Direct_Object_Reference_Prevention_Cheat_Sheet
http://blog.logrhythm.com/digital-forensics/detecting-and-defending-against-insecure-direct-object-reference-vulnerabilities-using-log-data-part-1
http://www.cisodesk.com/web-application-security/threats-mitigation/insecure-direct-object-references
http://avsecurity.in/2013/06/nokia-insecure-direct-object-reference
http://www.jtmelton.com/2010/05/10/the-owasp-top-ten-and-esapi-part-5-insecure-direct-object-reference
http://www.troyhunt.com/2010/09/owasp-top-10-for-net-developers-part-4.html
http://www.slideshare.net/RapPayne/a4-insecure-direct-object-referencepptx
http://www.blackstratus.com/enterprise/log-management/insecure-direct-object-reference
https://www.aspectsecurity.com/news/secure-software-development/owasp-beware-insecure-direct-object-reference-attacks
http://www.terrymarshall.com.au/Blog/tabid/162/EntryId/101/Security-Risks-Part-5-Insecure-Direct-Object-References.aspx
http://support.godaddy.com/help/article/6736/insecure-direct-object-references
http://bretthard.in/2009/07/insecure-direct-object-reference
http://www.securatary.com/Portals/0/Vulnerabilities/Mura%20CMS/Mura%20CMS%20Take%20Over.pdf
Burp Tutorials
http://portswigger.net/burp/help/suite_gettingstarted.html
http://www.securityninja.co.uk/application-security/burp-suite-tutorial-sequencer-tool
http://www.tssci-security.com/archives/2007/12/21/testing-for-randomness-and-predictability-using-burp-sequencer
http://www.mcgrewsecurity.com/2007/04/19/using-the-burp-suite-to-bypass-weird-access-controls
http://www.spylogic.net/2012/08/burp-suite-series-efficient-use-of-payload-options-when-attacking-http-basic-authentication
http://blog.eviltester.com/2011/04/no-excuses-learn-burp-suite-to-aid-your-web-testing.html
http://searchsecurity.techtarget.in/tutorial/Burp-Suite-Tutorial-Part-2-Intruder-and-repeater-tools
Vulnerabilities Databases
http://cve.mitre.org - Common Vulnerabilities and Exposures. The Standard for Information Security Vulnerability Names.
https://www.exploit-db.com - The Exploit Database – ultimate archive of Exploits, Shellcode, and Security Papers.
http://0day.today - Inj3ct0r is the ultimate database of exploits and vulnerabilities and a great resource for vulnerability researchers and security professionals.
http://osvdb.org - OSVDB's goal is to provide accurate, detailed, current, and unbiased technical security information.
http://www.securityfocus.com - Since its inception in 1999, SecurityFocus has been a mainstay in the security community.
http://packetstormsecurity.com - Global Security Resource.
https://wpvulndb.com - WPScan Vulnerability Database