nybble04 / appsec-notes

My Application Security Notes - web, mobile, thick client, API, and more.

Application Security Notes

(Image: DevSecOps components)

  • This is an ever-growing checklist that expands with my never-ending learning. 🤓
  • Links to supplementary resources or credits are added within the notes.
  • I'm no expert, so feel free to raise a PR with any corrections.

Topics:

Web Application Security

  • OWASP Top 10
  • XSS, CSP
  • CSRF, CORS, SOP
  • Open Redirect
  • SSRF
  • SQLi
  • NoSQLi
  • XPATHi
  • XXE
  • LFI, RFI
  • SSTI
  • JWT
  • Broken Access Control, IDOR
  • Clickjacking
  • Business Logic Flaws
  • Race Conditions
  • HTTP Host Header Attacks
  • OAuth 2.0
  • SAML
  • WebSocket Vulnerabilities
  • Insecure Deserialization
  • Prototype Pollution
  • HTTP Request Smuggling
  • Web Cache Poisoning
  • DOM vulnerabilities

Mobile Security

  • OWASP Top 10
  • Android
  • iOS

API Security

  • OWASP Top 10
  • REST API
  • GraphQL

Thick Client Security

  • Thick/Heavy/Rich/Fat Client

DevSecOps Concepts

  • Concepts: Shift Left, Agile, CI/CD, SAST/SCA
  • Docker Security
  • Kubernetes Security
  • Threat Modeling