


This site is still a work in progress! There will be gaps, and there's of course a lot more to come, so make sure to check back in soon!
My goal is to provide a somewhat living and up-to-date handbook for Web Application Hacking. In particular, the checklists are designed not just to give you things to look for, but also to spark ideas and creative ways to find vulnerabilities.
This is a curated repository of my notes and experience over many years of testing web applications. I've stripped out the sensitive information and made it more accessible for those who are learning about web application security. I hope you find it useful in your journey.
Throughout this site, I try to promote ideas over specific payloads to help you solve problems and find security weaknesses that other testers or scanners may have missed.
Please feel free to connect with me! You can find me on LinkedIn or Twitch.
Please feel free to connect and message me if you have questions or feedback.
In a moment of weakness I signed up to Twitter.
AppSecExplained - Twitch
I stream here from time to time :)
Last modified 3mo ago