SUMMARY.md

Summary

• Application Security Cheat Sheet

Android Application

• Overview
  • Application Data & Files
  • Application Package
  • Application Sandbox
  • Application Signing
  • Deployment
  • Package Manager
• Intent Vulnerabilities
  • Deep Linking Vulnerabilities
• WebView Vulnerabilities
  • WebResourceResponse Vulnerabilities
  • WebSettings Vulnerabilities

CI/CD

• Dependency
  • Dependency Confusion
  • Dependency Hijaking
  • Typosquatting
• GitHub
  • GitHub Actions
  • Code owners
  • Dependabot
  • Redirect
  • Releases

Cloud

• AWS
  • Amazon API Gateway
  • Amazon Cognito
  • Amazon S3

Container

• Overview
  • Container Basics
  • Docker Engine
• Escaping
  • CVE List
  • Exposed Docker Socket
  • Excessive Capabilities
  • Host Networking Driver
  • PID Namespace Sharing
  • Sensitive Mounts
• Container Analysis Tools

Framework

• Spring
  • Overview
  • Mass Assignment
  • Routing Abuse
  • SpEL Injection
  • Spring Boot Actuators
  • Spring Data Redis Insecure Deserialization
  • Spring View Manipulation
• React
  • Overview
  • Security Issues

Linux

• Overview
  • Philosophy
  • File
  • File Descriptor
  • I/O Redirection
  • Process
  • Inter Process Communication
  • Shell
  • Signals
  • Socket
  • User Space vs Kernel Space
• Bash Tips

iOS Application

• Overview
  • Application Data & Files
  • Application Package
  • Application Sandbox
  • Application Signing
  • Deployment
• Getting Started
  • IPA Patching
  • Source Code Patching
  • Testing with Objection

Resources

• Lists
  • Payloads
  • Wordlists
• Researching
  • Web Application
  • Write-ups
• Software
  • AWS Tools
  • Azure Tools
  • Component Analysis
  • Docker Analysis
  • Dynamic Analysis
  • Fuzzing
  • GCP Tools
  • Reverse Engineering
  • Static Analysis
  • Vulnerability Scanning
• Training
  • Secure Development

Web Application

• Abusing HTTP hop-by-hop Request Headers
• Broken Authentication
  • Two-Factor Authentication Vulnerabilities
• Command Injection
  • Argument Injection
• Content Security Policy
• Cookie Security
  • Cookie Bomb
  • Cookie Jar Overflow
  • Cookie Tossing
• CORS Misconfiguration
• File Upload Vulnerabilities
• GraphQL Vulnerabilities
• HTML Injection
  • base
  • iframe
  • link
  • meta
  • target attribute
• HTTP Header Security
• HTTP Request Smuggling
• Improper Rate Limits
• JavaScript Prototype Pollution
• JSON Web Token Vulnerabilities
• OAuth 2.0 Vulnerabilities
  • OpenID Connect Vulnerabilities
• Race Condition
• Server Side Request Forgery
  • Post Exploitation
• SVG Abuse
• Weak Random Generation
• Web Cache Poisoning