Security Guides

An index of application security topics I research and write about, organized by category with links to detailed content and ongoing research areas.

Core Vulnerability Guides

🎯 Comprehensive XSS Guide

34KB reference covering 20 attack techniques - Context-aware payloads, filter/WAF/CSP bypasses, framework-specific exploits, DOM clobbering, polyglots, and real-world exploitation chains. Compiled from 293 research sources.

🎯 Comprehensive SSRF Guide

40KB reference covering internal network exploitation - Attack surface mapping, cloud metadata extraction, bypass techniques, exploitation chains, and defense strategies. Compiled from 299 research sources.

🎯 Comprehensive SQL Injection Guide

38KB reference covering database exploitation - Attack classes, database-specific payloads, blind techniques, WAF bypasses, ORM/NoSQL variants, and prevention methods. Compiled from 33 research sources.

🎯 Comprehensive CSRF Guide

45KB reference covering state-changing attacks - Attack surface, exploitation techniques, SameSite and token bypasses, real-world chains, and detection/prevention. Compiled from 37 research sources.

🎯 Comprehensive IDOR Guide

44KB reference covering authorization bypasses - Attack surface, enumeration patterns, BOLA techniques, real-world writeups, detection workflow, and prevention. Compiled from 21 research sources.

🎯 Comprehensive RCE Guide

58KB reference covering code execution attacks - Vulnerability classes, exploitation primitives, language-specific chains, real-world CVEs, and detection/prevention. Compiled from 63 research sources.

🎯 Comprehensive XXE Guide

45KB reference covering XML exploitation - Parser quirks, in-band and out-of-band exfiltration, parameter entity chains, file-format vectors, and hardening. Compiled from 40 research sources.

🎯 Comprehensive Deserialization Guide

66KB reference covering object injection attacks - Language-specific attack surface, gadget chain mechanics, real-world CVE chains, tools, and detection/prevention. Compiled from 47 research sources.

API & Application Security

🎯 Comprehensive API Security Guide

38KB reference covering API attack surface - OWASP API Top 10 exploitation, authentication and authorization bypasses, rate limit evasion, real-world chains, and detection/prevention. Compiled from 30 research sources.

🎯 Comprehensive GraphQL Security Guide

39KB reference covering GraphQL attacks - Discovery, introspection, schema recovery, injection, authorization flaws, batching, DoS, subscriptions, and engine-specific quirks. Compiled from 31 research sources.

🎯 Comprehensive Authorization & Access Control Guide

43KB reference covering Broken Access Control - Authorization models, bug classes, bypass techniques, real-world chains, and detection/prevention patterns for web and API testing. Compiled from 33 research sources.

Security Methodology & Techniques

🎯 Comprehensive Mobile Application Security Guide

53KB reference covering iOS and Android security - Threat models, platform attack surface, reverse engineering, runtime instrumentation, bypass techniques, testing methodology, and defensive controls. Compiled from 16 research sources.

🎯 Comprehensive Python Security Guide

50KB reference covering Python application security - Dangerous APIs, deserialization pitfalls, framework-specific risks, supply chain attacks, LLM-era CVEs, static analysis tooling, and hardening patterns. Compiled from 81 research sources.

🎯 Comprehensive Fuzzing Guide

46KB reference covering fuzz testing - Fundamentals, coverage feedback, harness construction, corpus strategy, sanitizer usage, and the tool stack for web, binary, kernel, and API targets. Compiled from 23 research sources.

🎯 Comprehensive Recon Guide

41KB reference covering web reconnaissance - Attack surface discovery, subdomain enumeration, live host probing, content discovery, JS mining, cloud asset hunting, automation, and continuous monitoring. Compiled from 23 research sources.

🎯 Comprehensive OSINT Guide

52KB reference covering Open Source Intelligence - Methodology, collection disciplines, tooling, pivoting techniques, and operational security for intelligence gathering. Compiled from 34 research sources.

🎯 Comprehensive Secrets Management & Leakage Guide

53KB reference covering secrets sprawl and credential leakage - Detection, remediation, and hardening with coverage of GitGuardian research, OWASP guidance, TruffleHog/Gitleaks, real-world breaches, and AI-era patterns. Compiled from 30 research sources.

Professional Tools & Career

🎯 Comprehensive Bug Bounty Hunting Guide

57KB reference covering modern bug bounty hunting - Methodology, platforms, reconnaissance pipelines, vulnerability hunting, exploit chaining, report writing, and career strategy. Compiled from 97 research sources (the largest collection in the research library).

🎯 Comprehensive Burp Suite Guide

51KB reference covering professional web testing - Core tools, essential extensions, Bambdas and BChecks, Collaborator, macros and session handling, custom extension development, Burp AI, and real-world testing workflows. Compiled from 69 research sources.

🎯 Software Supply Chain Security Guide

55KB reference covering supply chain risks - Threat model across the SDLC, package-registry attack patterns, CI/CD hardening, artifact provenance and signing, SBOMs, dependency scanning, case studies, and defensive checklists. Compiled from 29 research sources.


Blog Posts by Topic

Server-Side Request Forgery (SSRF)

Cross-Site Scripting (XSS)

XML External Entity (XXE)

Memory Safety & Binary Security

Use After Free

Python Security

Core Security Concepts

Security Tools & Libraries

Advanced Topics

Tool Poisoning & Supply Chain

Security Research & Bug Bounty

Research Methodology

Tool Poisoning & Supply Chain

  • MCP Tool Poisoning - Modern supply chain attack vectors
  • Dependency Confusion Attacks - Research ongoing

Security Tools & Techniques

Burp Suite

  • Advanced Extensions Development - Guide planned
  • Custom Scanner Rules - Coming soon

Fuzzing

  • Web Application Fuzzing - Methodology guide in development
  • API Endpoint Discovery - Techniques compilation planned

OSINT & Reconnaissance

  • Asset Discovery Methodology - Guide planned
  • Social Engineering Reconnaissance - Research compilation coming soon

Secret Management

  • Credential Exposure Prevention - Best practices guide planned
  • Secret Scanning Techniques - Tool comparison coming soon

Talks & Presentations

Check out my speaking page for conference talks and presentations on these security topics.

Additional Resources

For curated security resources and tools, visit appsec.fyi - my collection of application security resources.


This guides index is continuously updated as I research and publish new security content. Each topic represents an area of active research and practical experience.