Recommended reading:
https://habr.com/ru/post/260913/
https://losst.ru/nachnite-izuchat-linux-pryamo-sejchas
https://www.owasp.org/images/7/72/OWASP_Top_10-2017_%28en%29.pdf.pdf
https://helpugroup.ru/rukovodstvo-dlya-novichkov-po-owasp-juice-shop-praktika-vzloma-10-naibolee-rasprostranennyh-uyazvimostej-veb-prilozhenij/
https://www.securitylab.ru/blog/personal/Informacionnaya_bezopasnost_v_detalyah/317651.php
http://wiki.informationsecurity.club/doku.php/web-security:owasp_testing_guide
https://www.owasp.org/index.php/Source_Code_Analysis_Tools
https://www.owasp.org/index.php/Category:OWASP_Application_Security_Verification_Standard_Project
https://www.owasp.org/index.php/OWASP_SAMM_Project
https://www.owasp.org/index.php/OWASP_Cheat_Sheet_Series
https://www.owasp.org/index.php/OWASP_Proactive_Controls
https://www.owasp.org/index.php/OWASP_Guide_Project
https://www.owasp.org/index.php/OWASP_Testing_Project
http://rochakchauhan.in/blog/2013/02/17/top-10-application-security-risks-owasp/

XSS:
https://habr.com/ru/post/66057/
https://www.securitylab.ru/analytics/432835.php

NetCat:
https://codeby.net/threads/polnocennyj-shell-cherez-netcat-stty-netcat-magic.61989/
https://hackware.ru/?p=8777
https://habr.com/ru/company/pentestit/blog/336596/

Setting up a lab on Linux for testing web vulnerabilities:
http://n1cesecurity.blogspot.com/2015/11/Ustanovka-nastroyka-ploschadok-dlya-testirovaniya-web-uyazvimostey.html
https://kali.tools/?p=1925
https://www.thecurrent.ru/entry/ustanovka-dvwa-v-kali-linux.html
https://www.securitylab.ru/analytics/474650.php

GitHub - shell topic:
https://github.com/xl7dev/WebShell
https://github.com/tennc/webshell
https://github.com/JohnTroony/php-webshells

Burp:
https://losst.ru/kak-polzovatsya-burp-suite
https://codeby.net/threads/uroki-po-burp-suite-pro-chast-1-nachalo.62200/
https://codeby.net/threads/6-burp-suite-spider-skanirovanie-sajta.67722/
https://computer76.ru/2017/10/25/nastroit-burp-suite-v-kali-linuks/

CSRF and cookies:
https://habr.com/ru/post/134150/
https://learn.javascript.ru/csrf
https://xakep.ru/2018/12/13/csrf-samsung/
https://xakep.ru/2016/09/20/monero-csrf/
https://xakep.ru/2016/09/01/y-browser-csrf/
https://habr.com/ru/post/318748/
https://ru.stf.st/threads/16294/
https://threatpost.ru/new-attacks-recall-old-problems-with-browser-cookies/12159/

Hack training and Bug Bounty (platforms, programs, terms, tasks):
https://www.hacksplaining.com
https://training.hackerdom.ru
https://www.hackerone.com
https://techcrunch.com/2016/08/04/apple-announces-long-awaited-bug-bounty-program/
https://www.avast.com/bug-bounty
https://help.twitter.com/en/rules-and-policies/reporting-security-vulnerabilities
https://www.intel.com/content/www/us/en/security-center/bug-bounty-program.html
https://www.google.com/about/appsecurity/reward-program/
https://www.facebook.com/whitehat/
https://www.microsoft.com/en-us/msrc/bounty?rtc=1
https://bounty.github.com
https://www.mozilla.org/en-US/security/bug-bounty/
https://hackerone.com/verizonmedia
http://h1.nobbd.de
https://www.pentesterlab.com
https://www.bugcrowd.com/bug-bounty-list/
https://yandex.com/bugbounty/browser/
https://securixy.kz/hack-faq/pentestit-lab-12-prohozhdenie.html/

Video guide on setting up a virtual lab:
https://www.youtube.com/watch?v=8VUI_FtbDGk

Additional information - a webinar for understanding the general concept of pen testing:
https://geekbrains.ru/events/1253