2017-Common Security Issues in Web Applications #Series#: I hope this article will help developers to have a simple understanding of some issues that appear to be in 80–85% of applications.
2018-Hacker101: Hacker101 is a free class for web security. Whether you're a programmer with an interest in bug bounties or a seasoned security professional, Hacker101 has something to teach you.
MDN-Web security: The web security oriented articles listed here provide information that may help you secure your site and its code from attacks and data theft.
The Bug Hunters Methodology: This repo is a conglomeration of tips, tricks, tools, and data analysis to use while doing web application security assessments, and more specifically towards bug hunting in bug bounties.
2018-Web Application Penetration Testing Cheat Sheet: This cheatsheet is intended to run down the typical steps performed when conducting a web application penetration test.
Web Developer Security Checklist: Michael O’Brien shares a security checklist for web developers so that you don’t forget anything crucial in your next projects.
CSS-Keylogging: Chrome extension and Express server that exploits keylogging abilities of CSS.
2017-From Markdown to RCE in Atom: Recently I took a look at Atom, a text editor by GitHub. With a little bit of work, I was able to chain multiple vulnerabilities in Atom into an actual Remote Code Execution.
2019-HTTP Security Headers - A Complete Guide: In this article, I will walk through the commonly evaluated headers, recommend security values for each, and give a sample header setting.
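2019-7 Major Security Threats Facing REST APIs: API security is the biggest challenge organizations hope to solve in the next few years, and solving that security challenge may well become the catalyst for growth in the API space.
2019-JWT Attack Handbook: How to Hack Your Token: Not only can it let you forge any user and gain unlimited access, it may also lead to the discovery of further security vulnerabilities, such as information disclosure, unauthorized access, SQLi, XSS, SSRF, RCE, LFI, and so on.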
Password Rules Are Bullshit: Let this pledge be duly noted on the permanent record of the Internet. I don't know if there's an afterlife, but I'll be finding out soon enough, and I plan to go out mad as hell.
2018-Practical Web Cache Poisoning: In this paper I'll show you how to compromise websites by using esoteric web features to turn their caches into exploit delivery systems, targeting everyone that makes the mistake of visiting their homepage.
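2018-How to Prevent XSS Attacks?: With the rapid development of the Internet, information security has become one of the issues enterprises care about most, and the front end is a high-risk source of enterprise security problems.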
2017-NetSPI SQL Injection Wiki: This wiki's mission is to be a one stop resource for fully identifying, exploiting, and escalating SQL injection vulnerabilities across various Database Management Systems (DBMS).