Red - Web App Hacking

There is a bug bounty focused search engine at that can point you in the direction of tools, attacks, methodology, writeups, anything you want. It is amazing.

For resources including offensive security courses, books, CTFs and much more, please check out the Training and Resources section of this guide.
  • ​crAPI - completely ridiculous API (crAPI) will help you to understand the ten most critical API security risks. crAPI is vulnerable by design, but you'll be able to safely run it to educate/train yourself.
Copy link
On this page
Web App Testing Resources
Resource Collections
Bug Bounty
Resources and Reference
Web App Testing Frameworks
Scanning Utilities
Mapping the Site
Web Technologies
Attacks and Vulnerabilities
Misc Tools
Training and Resources