Comprehensive Authorization & Access Control Guide

A practitioner’s reference for Broken Access Control (OWASP A01) — the models, bug classes, bypass techniques, real-world chains, and detection/prevention patterns that matter in modern web and API testing. Compiled from 80 research sources.

Table of Contents: Fundamentals; Authorization Models; Attack Surface & Discovery; Vertical Privilege Escalation; Horizontal Privilege Escalation & IDOR/BOLA; Broken Function Level Authorization; URL, Method & Header Bypasses; Parameter & Keyword Bypasses; JWT & Token Claim Manipulation; OAuth Scope & Redirect Abuse; Multi-Tenant & Session Isolation Failures; Cloud & AI Agent Authorization; Real-World CVEs and Chains; Tools & Automation; Detection & Prevention; Testing Methodology; Quick Reference

1. Fundamentals

Access control is the application of constraints on who or what is authorized to perform actions or access resources. It sits on top of two related primitives: ...

April 10, 2026 · 37 min · Carl Sampson

Comprehensive Mobile Application Security Guide

A practitioner’s reference for iOS and Android application security — threat models, platform attack surface, reverse engineering, runtime instrumentation, bypass techniques, testing methodology, and defensive controls. Compiled from 34 research sources.

Table of Contents: Fundamentals & Threat Model; OWASP MASVS & MASTG; Android Platform Attack Surface; iOS Platform Attack Surface; Insecure Storage; Network Communication & TLS; SSL / Certificate Pinning Bypass; Reverse Engineering Workflow; Runtime Instrumentation with Frida; Root & Jailbreak Detection Bypass; Deep Links & URL Schemes; WebView Security; Authentication, Biometrics & Session; Cryptography & Key Management; Resilience / Anti-Tamper / RASP; Tooling Reference; Testing Methodology; Notable CVEs & Real-World Incidents; Defensive Checklist

1. Fundamentals & Threat Model

Mobile application security differs from traditional web security in three material ways. First, the attacker has the binary on their device and can take it apart at leisure — the app runs in a fundamentally hostile environment. Second, the OS provides strong sandboxing, code signing, and hardware-backed keystores that raise the bar but can be bypassed by a motivated attacker on a rooted or jailbroken device. Third, the attack surface spans the binary, the device, the local IPC boundary, the network, and the backend APIs — any of which can be the weak link. ...

April 10, 2026 · 40 min · Carl Sampson

Comprehensive Python Security Guide

A practitioner’s defensive reference for securing Python applications — dangerous APIs, deserialization pitfalls, framework-specific risks, supply chain attacks, LLM-era CVEs, static analysis tooling, and hardening patterns. Compiled from 184 research sources.

Table of Contents: Fundamentals; Dangerous Built-in APIs; Insecure Deserialization; Command & Code Injection; SSRF & URL Parsing in Python; Path Traversal, Tarfile, Zipfile; Cryptography & Randomness; Flask Security; Django Security; FastAPI & Other Frameworks; Jinja2 & Server-Side Template Injection; Package Supply Chain Attacks; LLM / AI Framework CVEs; ML Model Deserialization Attacks; Notable Python CVEs (Stdlib); Static Analysis & SAST; Secure Coding Patterns; Hardening Checklist; Tool Reference; Detection Quick Reference

1. Fundamentals

Python’s dynamism is both its selling point and its largest security footgun. Classes can be instantiated from strings, modules can be imported at runtime, objects can rewrite their own deserialization hooks, and the default serializer is Turing-complete. A defender cannot rely on the language to fail safe — every dangerous capability is a first-class primitive. ...

April 10, 2026 · 33 min · Carl Sampson

Comprehensive Fuzzing Guide

A practitioner’s reference for fuzz testing — fundamentals, coverage feedback, harness construction, corpus strategy, sanitizer usage, and the tool stack for web, binary, kernel, API, and smart-contract targets. Compiled from 46 research sources.

Table of Contents: Fundamentals; Fuzzing Taxonomy; Coverage-Guided Fuzzing; Harness Construction; Corpus Management & Seed Selection; Dictionaries & Structure-Aware Fuzzing; Sanitizers; Binary Fuzzing (AFL++, libFuzzer, honggfuzz, LibAFL); Web Fuzzing (ffuf, wfuzz, feroxbuster, Burp Intruder); API Fuzzing (REST, GraphQL, Protobuf); Kernel & OS Fuzzing; Directed & Grammar-Based Fuzzing; AI-Augmented Fuzzing; JVM Fuzzing (Jazzer, LibAFL); Rust & Python Fuzzing; Snapshot Fuzzing (Nyx, HyperHook); Smart Contract Fuzzing; Protocol & Network Fuzzing (Boofuzz, ICS); Crash Triage & Minimization; CI/CD Integration; Bugs That Survive Continuous Fuzzing; Real-World Wins & CVEs; Tools & Frameworks Reference; Wordlist & Corpus Resources; Quick Reference Cheatsheet

1. Fundamentals

Fuzzing is automated software testing by bombarding a target with a large volume of semi-random, invalid, or unexpected inputs and watching for crashes, hangs, memory errors, or assertion failures. The technique originates with Barton Miller’s 1988 University of Wisconsin-Madison experiment, where random inputs crashed roughly a third of tested Unix utilities. ...

April 10, 2026 · 39 min · Carl Sampson

Comprehensive Recon Guide

A practitioner’s reference for web reconnaissance — attack surface discovery, subdomain enumeration, live host probing, content discovery, JS mining, cloud asset hunting, automation, and continuous monitoring. Compiled from 23 research sources.

Table of Contents: Fundamentals; Scope & Target Profiling; Subdomain Enumeration; DNS Brute Force & Permutation; Live Host Discovery & HTTP Probing; Port Scanning; URL & Endpoint Crawling; JavaScript Analysis; Content & Directory Discovery; Parameter Discovery; Technology Fingerprinting; Cloud Asset Discovery; GitHub & Code Leak Hunting; ASN & Infrastructure Expansion; Wordlist Resources; Automation Pipelines; Continuous Monitoring; Real-World Recon Wins; Quick Reference

1. Fundamentals

Recon is 80% of offensive security. The researchers who earn six figures aren’t running more tools than everyone else — they’re running them in smarter pipelines, feeding the output of one into the next, and manually reviewing the long tail that automation misses. Every hour spent deepening the asset inventory pays off when hunting begins: more subdomains means more parameters, more endpoints, more code paths, more chances for a bug nobody else has seen. ...

April 10, 2026 · 25 min · Carl Sampson

Comprehensive OSINT Guide

A practitioner’s reference for Open Source Intelligence — methodology, collection disciplines, tooling, pivoting techniques, and operational security. Compiled from 34 research sources.

Table of Contents: Fundamentals; The OSINT Lifecycle; People OSINT (HUMINT/SOCMINT); Company & Corporate OSINT; Infrastructure & Network OSINT; Domain, DNS & Certificate Intel; Social Media Intelligence; Geolocation & Imagery (GEOINT); Breach, Leak & Paste Intel; Metadata Extraction; Code & Repository OSINT; Dark Web & Threat Intel; IoT & Device Discovery; Tools Reference; Automation & Visualization; AI-Assisted OSINT; Operational Security; Legal & Ethical Considerations; Quick Reference

1. Fundamentals

Open Source Intelligence (OSINT) is the discipline of collecting, correlating, and analyzing information that is publicly or legally available to produce actionable intelligence. “Open source” does not mean “easy” or “low value” — it means no clandestine collection is involved. The sources are lawful: the skill lies in knowing where to look, how to pivot, and how to assemble fragments into a coherent picture. ...

April 10, 2026 · 31 min · Carl Sampson

Comprehensive Secrets Management & Leakage Guide

A practitioner’s reference for secrets sprawl, credential leakage, detection, remediation, and hardening. Compiled from 54 research sources covering GitGuardian State of Secrets Sprawl 2025/2026, OWASP Secrets Management Cheat Sheet, TruffleHog, Gitleaks, real-world breaches (Trivy/European Commission, Shai-Hulud, LiteLLM, EleKtra-Leak, .env extortion campaigns, GCP SecOps SIEM token leak), AI-era leakage patterns (Claude Code source leak, vibe-coding fingerprints, ChatGPT API key exposure), certificate/private key leak research (Google-GitGuardian), GitHub search syntax for secret discovery, vault hardening (HashiCorp Vault production guide, AWS SM vs Vault, Infisical, SOPS+age), Terraform/Kubernetes secrets management, IAM Roles Anywhere, shift-left speed budgets, and NHI governance guidance. ...

April 10, 2026 · 46 min · Carl Sampson

Comprehensive Bug Bounty Hunting Guide

A practitioner’s reference for modern bug bounty hunting — methodology, platforms, reconnaissance pipelines, vulnerability hunting, exploit chaining, report writing, and career strategy. Compiled from 98 research sources.

Table of Contents: Fundamentals & Mindset; Bug Bounty Platforms; Scope Analysis & Target Selection; The End-to-End Methodology; Reconnaissance Pipeline; Subdomain Enumeration Deep Dive; Asset Discovery & Attack Surface Mapping; JavaScript Analysis & Secret Hunting; Content Discovery & Fuzzing; Vulnerability Classes to Hunt; Business Logic & Chaining; Cloud, API & Web3 Attack Surfaces; AI / LLM Testing; Real-World Disclosed Writeups; Report Writing & Triage; Tools & Automation Stack; Income & Payout Strategies; Common Mistakes & Anti-Patterns; Learning Resources; Quick Reference Cheat Sheets

1. Fundamentals & Mindset

Bug bounty hunting is the practice of finding and responsibly disclosing security vulnerabilities to organizations that reward researchers for their findings. Unlike traditional penetration testing, bug bounty is outcome-driven: no bug, no bounty. Payouts range from $50 nuisance bugs to $2M+ for critical cloud / crypto findings. ...

April 10, 2026 · 34 min · Carl Sampson

Software Supply Chain Security Guide

A defender’s reference for software supply chain risks — threat model across the SDLC, package-registry attack patterns, CI/CD hardening, artifact provenance and signing, SBOMs, dependency scanning, case studies, and a checklist. Compiled from 54 research articles, advisories, and incident writeups in raw/Supply Chain/.

Table of Contents: Fundamentals; Threat Model Across the SDLC; Package Registry Risks; Dependency Confusion, Typosquatting, Slopsquatting; Maintainer Account Compromise; CI/CD Pipeline Hardening; Container Image Provenance & Verification; SLSA Framework; Sigstore, Cosign, in-toto; SBOMs (SPDX, CycloneDX); Dependency Scanning Tooling; Developer Host Hardening; Admission Control & Runtime Verification; Case Studies — Defensive Lessons; Detection Signals & IOCs; Defender Checklist; Reference Configurations

1. Fundamentals

A software supply chain attack compromises a dependency, tool, build system, or distribution channel that the target trusts, rather than attacking the target directly. The malicious payload rides in on a routine npm install, pip install, docker pull, or CI build — bypassing perimeter defenses because the artifact appears legitimate. ...

April 10, 2026 · 40 min · Carl Sampson

Comprehensive Burp Suite Guide

A practitioner’s reference for Burp Suite — core tools, essential extensions, Bambdas and BChecks, Collaborator, macros and session handling, custom extension development, Burp AI, and real-world testing workflows. Compiled from 71 research sources.

Table of Contents: Fundamentals; Proxy; Repeater; Intruder; Scanner; Comparer, Decoder, Sequencer; Collaborator (OAST); Macros & Session Handling; Target, Sitemap & Scope; Essential BApp Extensions; Turbo Intruder; Bambdas; BChecks; Writing Custom Extensions (Montoya API); Burp AI; Keyboard Shortcuts; Real-World Workflows; Troubleshooting & Tuning; Learning Resources

1. Fundamentals

Burp Suite, from PortSwigger, is the de-facto web application security testing platform. It is an intercepting proxy with a rich toolbox for manual and semi-automated testing. Three editions ship today: ...

April 10, 2026 · 31 min · Carl Sampson