SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, se…

Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.

A curated list of resources for learning about application security

MISP (core software) - Open Source Threat Intelligence and Sharing Platform

XVWA is a badly coded web application written in PHP/MySQL that helps security enthusiasts to learn application security.

Collection of my capture-the-flag web challenge in any levels

Web Fuzzing Discovery and Attack Pattern Database

Hands-on labs to help you learn AWS