TL;DR

This page does NOT pretend to replace AWAE/OSWE content, this is a compilation of the best (public|my own) resources I have come up with.

AWAE LIST:

• Persistent Cross-Site Scripting

• Session Hijacking

• .NET Deserialization

• Data Exfiltration

• Bypassing File Extension Filters

• Magic Hashes

• Bypassing REGEX restrictions

• Cross-Site Request Forgery

• Type Juggling

• Blind SQL Injection

• Bypassing File Upload Restrictions

• Loose Comparisons

• Bypassing Character Restrictions

PERSONAL LIST:

• Blind Time-Based & Boolean SQL Injection + Bypassing Character Restrictions

  • MySQL

  • PostgreSQL

• Deserialization

  • PHP

  • Java

  • .NET

• XSS

  • Reflected

  • Stored

  • Data Exfiltration

  • Filter Bypass

• Loose Comparison

  • Type Juggling

    • Magic Hashes

• REGEX

  • Filter Bypass

• File Upload Restrictions Bypass

  • File Extension Filters Bypass

Great people I have learnt a ton from: @secgus, @julianjm, @cynops, @devploit, @oreos, @rmartinsanta.

Mentioned people: @Takito, ITasahobby.

(CTF) Platforms I have enjoyed (and I'm enjoying) the most.

Websecwebsec.fr

247CTF - The game never stops247CTF

Web Security Academy: Free Online Training from PortSwiggerWebSecAcademy

Hack The Box: The #1 Cybersecurity Performance CenterHack The Box