explaingit

infoslack/awesome-web-hacking

6,823 | Audience · developer | Complexity · 1/5 | Setup · easy

TLDR

A curated collection of web application security learning resources including books, tools, practice labs, courses, and OWASP documentation for beginners through experienced practitioners.

Mindmap

mindmap
  root((repo))
    Learning Resources
      Books
      Online Courses
    Tools
      Scanners
      Proxy Tools
    Practice Labs
      Vulnerable Apps
      Docker Images
    Standards
      OWASP
      Cheat Sheets
    Community
      Pull Requests
      Contributions

Things people build with this

USE CASE 1

Find books and courses to learn web application penetration testing from scratch.

USE CASE 2

Discover open-source security scanning and proxy tools for testing web apps.

USE CASE 3

Practice attack and defense techniques in legal, intentionally vulnerable lab environments.

USE CASE 4

Look up OWASP standards and cheat sheets while preparing for a security assessment.

Getting it running

Difficulty · easy Time to first run · 5min
No license information provided in the explanation.

In plain English

This repository is a curated list of resources for anyone who wants to learn about web application security. It covers a broad range of material from introductory to advanced, organized into sections including books, documentation, tools, cheat sheets, practice labs, online courses, and Docker images set up for security testing work.

The books section includes titles on SQL injection, cross-site scripting, penetration testing with specific tools, and general web application security for beginners through experienced practitioners. The documentation section links to standards and frameworks including OWASP, the Open Web Application Security Project, which publishes widely referenced guidance on application security risks and defenses.

The tools section lists both free open-source tools and commercial options used in penetration testing and vulnerability scanning. These include scanners that probe web servers for known weaknesses, proxy tools that intercept and manipulate browser traffic, frameworks for running structured attack tests, and tools targeting specific platforms such as WordPress. Many of the linked tools are actively maintained separate projects.

The labs and online hacking demonstration sites section points to intentionally vulnerable applications you can practice against legally. These are environments built to be broken into as a way of learning attack techniques and how defenses work.

The list is community-maintained, meaning anyone can submit a pull request to add a new resource. There is no code in this repository; the entire content is links and brief descriptions. It is primarily aimed at people starting out in security or looking to fill gaps in a specific topic area, rather than at experienced professionals who would already know most of the listed resources.

Copy-paste prompts

Prompt 1
I want to learn web application security testing. Based on the awesome-web-hacking list, give me a 4-week study plan starting with beginner books and ending with hands-on lab practice.
Prompt 2
I need to set up a web security testing environment. List the open-source proxy and scanning tools from awesome-web-hacking and explain what each one does in plain English.
Prompt 3
I want to practice SQL injection and XSS safely. Which intentionally vulnerable apps from the awesome-web-hacking list should I start with and why?
Prompt 4
Explain OWASP and why it matters for web security, then name the top 5 risks a beginner should understand first.

Verify against the repo before relying on details.