[tpb]Resources to learn about Operating Systems:[/tpb]
Linux Basics: https://linuxjourney.com/
Android Basics: https://www.educba.com/android-operating-system/
Windows Basics: https://www.educba.com/introduction-to-windows/
Operating System Basics: https://www.tutorialspoint.com/operating_system/index.htm

[tpb]Resources to learn Computer Networks[/tpb]
https://www.tutorialspoint.com/data_communication_computer_network/index.htm
https://www.tutorialspoint.com/network_security/index.htm
Cryptography & Network Security (McGraw-Hill Forouzan Networking)

[tpb]Resources to Learn About Web Applications[/tpb]
About HTTP: https://developer.mozilla.org/en-US/docs/Web/HTTP
HTTP Headers: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers
HTTP Security: https://developer.mozilla.org/en-US/docs/Web/Security
Content-Security Policy: https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
HTTP Cookies: https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies#Secure_and_HttpOnly_cookies
Web Security Cheatsheet: https://infosec.mozilla.org/guidelines/web_security
Cross-Origin Resource Sharing: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS

[tpb]Resources to Learn About Common Security Frameworks[/tpb]
OWASP: The Open Web Application Security Project is an online community that produces freely-available articles, methodologies, documentation, tools, and technologies in the field of web application security.
OWASP Web Top 10: https://owasp.org/www-project-top-ten/
OWASP API Top 10: https://owasp.org/www-project-api-security/
OWASP Mobile Top 10: https://owasp.org/www-project-mobile-top-10/
OWASP ASVS: https://owasp.org/www-project-application-security-verification-standard/
OWASP Vulnerability Management Guide: https://owasp.org/www-project-vulnerability-management-guide/OWASP-Vuln-Mgm-Guide-Jul23-2020.pdf
OWASP Risk Rating Methodology: https://owasp.org/www-community/OWASP_Risk_Rating_Methodology
STRIDE: The STRIDE model was developed by Microsoft in order to help security engineers understand and classify all possible threats on a server. The name of this model is an acronym for the six main types of threats.
Read More: https://docs.microsoft.com/en-us/previous-versions/commerce-server/ee823878(v=cs.20)?redirectedfrom=MSDN
CVSS: The Common Vulnerability Scoring System (CVSS) provides a way to capture the principal characteristics of a vulnerability and produce a numerical score reflecting its severity. The numerical score can then be translated into a qualitative representation (such as low, medium, high, and critical) to help organizations properly assess and prioritize their vulnerability management processes.
Read More: https://www.first.org/cvss/

OWASP Testing Guide explains a wide range of security issues and how to test for them. This should be the initial reference guide to know and explore various security vulnerabilities.

PortSwigger Web Security Academy is the practical version of Web Application Hacker’s Handbook. You will get good learning resources (short and crisp) followed by Labs to master the things you are learning.

Bugcrowd Vulnerability Rating Taxonomy talks about multiple security issues and the severity associated with them. This is also a helpful resource to know multiple security issues.

OWASP Juice Shop is a real-life application and gives you a flavor to test multiple security vulnerabilities ranging from Injection, Access Control to XXE.

Cobalt.io Vulnerability Wiki is yet another great resource that includes a brief explanation, proof of concept, and risk ratings for various security issues based on OWASP ASVS.

PayloadsAllTheThings is an open-resource GitHub Repository that contains a huge list of payloads for all security issues and this is a good resource to know some of the new security issues as well.

Learn365 is my own GitHub Repo which contains all the learning resources I am following in my #Learn365 challenge. These include various attack vectors including Web, Mobile, Network, Cloud, etc.

HackTricks GitBook is a great collection of resources about various Network, Mobile & Web Attack vectors.
InfoSec Writeups, PentesterLand & HackerOne Disclosures are great resources for looking at the Bug Bounty Writeups and learning how various hackers approach different bugs and different applications.
If you can purchase paid subscriptions, I would suggest these two paid labs, which have nice content:
PentesterLab: https://pentesterlab.com/

PentesterAcademy — AttackDefense Labs: https://attackdefense.com/

[tpb]Resources to Learn About Network Security[/tpb]
There are multiple ways to practice for network security; however, the best way is to invest time in solving labs using HackTheBox and understanding new concepts. Some of the good resources are:
HackTheBox: An online platform to test and advance your skills in penetration testing and cybersecurity.
VulnHub: To provide materials that allow anyone to gain practical ‘hands-on’ experience in digital security, computer software & network administration.
OffensiveSecurity ProvingGrounds: Practice your Pentesting skills in a standalone, private lab environment with the additions of PG Play and PG Practice to Offensive Security’s Proving Grounds training labs.
TryHackMe: TryHackMe is an online platform that teaches Cyber Security through short, gamified real-world labs. We have content for both complete beginners and seasoned hackers, incorporating guides and challenges to cater to different learning styles.
HackTricks GitBook is a great collection of resources about various Network, Mobile & Web Attack vectors.

[tpb]Mobile Application Security:[/tpb]

OWASP Mobile Security Top 10: https://owasp.org/www-project-mobile-top-10/
The Mobile Application Hacker’s Handbook:
HackTricks GitBook is a great collection of resources about various Network, Mobile & Web Attack vectors.
OWASP iGoat: https://github.com/OWASP/igoat
Insecure Bank: https://github.com/dineshshetty/Android-InsecureBankv2