Red - Web App Hacking

Web App Testing Resources

Guides

Resources

There is a bug bounty focused search engine at https://www.bugbountyhunting.com/? that can point you in the direction of tools, attacks, methodology, writeups, anything you want. It is amazing.

Resource Collections

Bug Bounty

Platforms

Resources and Reference

Web App Testing Frameworks

Scanning Utilities

Mapping the Site

Web Technologies

Attacks and Vulnerabilities

Misc Tools

Training and Resources

For resources including offensive security courses, books, CTFs and much more, please check out the Training and Resources section of this guide.
  • ​crAPI - completely ridiculous API (crAPI) will help you to understand the ten most critical API security risks. crAPI is vulnerable by design, but you'll be able to safely run it to educate/train yourself.