🐶 Curated list of Web Security materials and resources.
Needless to say, most websites suffer from various types of bugs which may eventually lead to vulnerabilities. Why does this happen so often? Many factors can be involved, including misconfiguration, a shortage of security skills among engineers, etc. To combat this, here is a curated list of Web Security materials and resources for learning cutting-edge penetration techniques. I highly encourage you to read the article "So you want to be a web security researcher?" first.
Please read the contribution guidelines before contributing.
🌈 Want to strengthen your penetration skills?
I would recommend playing some awesome-ctfs.
If you enjoy this awesome list and would like to support it, check out my Patreon page :)
Also, don't forget to check out my repos 🐾 or say hi on X (formerly Twitter)!
This list also ships as a Claude Code Skill so AI agents can query it at runtime — no stale snapshot, always reads the latest data/index.json from master.
Install (one-liner, recommended):
npx skills add qazbnm456/awesome-web-security -a claude-code -g -y
Or inside Claude Code, use the plugin marketplace:
/plugin marketplace add qazbnm456/awesome-web-security
/plugin install awesome-web-security
For Codex, swap -a claude-code → -a codex.
Then ask any web-security question and the skill activates on topics like XSS, SQLi, SSRF, JWT, OAuth, recon, WAF evasion, deserialization, SAML, CTF write-ups, and more. See skills/awesome-web-security/SKILL.md for the full trigger list.
$ claude mcp add awesome-web-security \
-- python -m otcore.mcp_server <graph>