Skip to content

My Application Security Notes - web, mobile, thick client, API, and more.

Notifications You must be signed in to change notification settings

nybble04/appsec-notes

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

58 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Application Security Notes

devsecops components

Topics:

  • This is an ever-growing checklist that expands with my never-ending learning. 🤓
  • Links to supplementary resources or credits are added within the notes.
  • I'm no expert, so feel free to raise a PR with any corrections.

Web Application Security

  • OWASP Top 10
  • XSS, CSP
  • CSRF, CORS, SOP
  • Open redirect
  • SSRF
  • SQLi
  • NoSQLi
  • XPATHi
  • XXE
  • LFI, RFI
  • SSTI
  • JWT
  • Broken Access Control, IDOR
  • Clickjacking
  • Business Logic Flaws
  • Race Conditions
  • HTTP Host header Attacks
  • OAuth 2.0
  • SAML
  • Web Socket Vulnerabilities
  • Insecure deserialization
  • Prototype Pollution
  • HTTP Request Smuggling
  • Web Cache Poisoning
  • DOM vulnerabilities

Mobile Security

  • OWASP Top 10
  • Android
  • iOS

API Security

  • OWASP Top 10
  • REST API
  • GraphQL

Thick Client Security

  • Thick/Heavy/Rich/Fat client

DevSecOps Concepts

  • Concepts - ShiftLeft, Agile, CI/CD, SAST/SCA
  • Docker Security
  • Kubernetes Security
  • Threat Modeling