Verification strategies for common web vulnerabilities (a must for newbies)
First of all, I wish you all a happy April Fool's Day, keep your jokes in moderation, and have fun with all the "fools".
Secondly, I think back when I first entered the pit, I didn’t know much about it, and no one was there to guide me. I usually used to focus on XSS. Later, when XSS was protected, I looked for logical loopholes. In the end, when I really couldn’t do it, I just found some low-risk ones to make up for it. I felt that life was very complicated. It was difficult. At that time, I thought it would be nice if there was a slightly more comprehensive vulnerability mining guide that I could refer to and learn from my experience. This way, I would be able to produce more or less vulnerabilities, and I would have some confidence in my mind. Then I would search and browse on the Internet, and I would also learn from the experience. There are indeed many articles written by masters that are very good. I will learn a little bit today and a little bit tomorrow, and I will slowly accumulate them in this way. Then I recently dug out the reports I wrote before, coded them, sorted them out and released them. I hope they can be useful to newcomers. The newcomers brought in some reference value can be considered as contributing a small amount to the safety circle.
The first draft compiled about 61 common web vulnerability mining and verification methods. Due to the large number, most of them were compiled in piecemeal time. If you have any questions, please contact us for revision.
Finally, I formed a security team with my friends - Jumang Security Lab. Everyone is welcome to pay attention.
Follow the official account of the file and reply with the keywords according to the prompts to get the download link!
