TL;DR

This page does NOT pretend to replace AWAE/OSWE content, this is a compilation of the best (public|my own) resources I have come up with.
AWAE LIST:
​Persistent Cross-Site Scripting 
​Session Hijacking 
​.NET Deserialization 
​Data Exfiltration 
​Bypassing File Extension Filters 
​Magic Hashes 
​Bypassing REGEX restrictions 
​Cross-Site Request Forgery 
​Type Juggling ​
​Blind SQL Injection 
​Bypassing File Upload Restrictions 
​Loose Comparisons 
​Bypassing Character Restrictions 
PERSONAL LIST:
Blind Time-Based & Boolean SQL Injection + Bypassing Character Restrictions 
MySQL 
PostgreSQL 
Deserialization
PHP 
Java 
.NET 
XSS
Reflected 
Stored 
Data Exfiltration 
Filter Bypass 
Loose Comparison
Type Juggling 
Magic Hashes 
REGEX
Filter Bypass 
File Upload Restrictions Bypass 
File Extension Filters Bypass 
​
Great people I have learnt a ton from:
@secgus, @julianjm, @cynops, @devploit, @oreos, @rmartinsanta.
Mentioned people:
@Takito, ITasahobby.
(CTF) Platforms I have enjoyed (and I'm enjoying) the most.
Websec
247CTF - The game never stops
247CTF
Web Security Academy: Free Online Training from PortSwigger
WebSecAcademy
Hacking Training For The Best
Hack The Box
​
Next - General
Resources
Last modified 2yr ago