Pentesting Resources

Web App Pentest / Bug Bounty

• Keyhacks
• Book of Bug Bounty Tips
• BugReader
• Web App Pentest Mind Map
• Web Application Security Mind Map
• HowToHunt
• PayloadsAllTheThings
• Medium Article on Web App Pentest

Android App Pentest

• Mobile App Pentest Checklist

API Pentest

• API Security Checklist Spreadsheet
• API Security Checklist GitHub
• VAmPI

iOS App Pentest

• iOS App Pentest Resources

Source Code Review

• FindSecBugs
• JSHint
• OWASP Code Review Guide
• Semgrep

Thick Client Pentesting

• Thick Client Basics
• Thick Client Penetration Testing Methodology
• Introduction to File Operation Abuse on Windows
• Thick Client Exploitation to Becoming Kubernetes Cluster Admin
• More Thick Client Fun
• Thick Client Proxying
• Burp Non-HTTP Extension
• Thick Client (In)Security
• Introduction to Hacking Thick Clients Part 1: The GUI
• Build a TCP Proxy in Python

Cloud Security

• CloudBerry Engineering Tool
• Awesome Cloud Security