Thank you for coming to my sillyforum. more interesting features on the way, and a new daily daily bug bounty study with me let's get our first bug bounty together series

K i am about to let you in on the best web app security resource. This guy really teach's web app security well. In my experience, kinda hard to find. Hard to find people who really go into the details, this guy explains it like you are in first grade. Portswigger themselves link to his videos, out of the 269 portwsigger web app security labs i would say z3nsh3ll probably has a walkthrough of a good 100 of them at least. HE GETS INTO IT. do like the 20 XSS labs with z3nsh3ll by your side and you will know more about xss than the average cyber person.

ahh yeah the mobile version doesn't have shit. Burp suite academy is really good. i reccomend one of the youtubers that portswigger links to. z3nsh3ll, he explains it really well. And the portswigger labs are fantastic. Everyone raves about those ask around. Also building a shity web app like this helps you understand how certain web apps can work. I recommend building a couple start with Flask or something like this, do that and also do portswigger at the same time that way you can understand it from a builders perspective and a hackers perspective , that way one day you can really attack them.

So i have decided to nail the BSCP, burp suite certified practitioner first. cause my burp suite pro expires in 3 months.

i have yet to implement delete posts lol sorry guys. just um make it blank for now if you want.

watch the last couple of videos in the active directory section of the course. watch the case studies.

Here's something I didn’t realize until recently while studying DOM-based vs. reflected XSS: The HTML you see when you right-click and Inspect Element is not the same as what you see in View Page Source. View Source shows the original HTML from the server. Inspect Element shows the live DOM after JavaScript has executed. This difference is huge when testing for XSS vulnerabilities. For example, with Reflected XSS, you might see the payload in View Source, but with DOM-based XSS, it’ll only appear in the DOM via Inspect Element. will make a video on this.

yes, so I strongly recommend the Portswigger labs because they always work! They are burp suite labs basically. There are about 300 of them. Some of them take a few minutes, some longer, some a few hours. If you notice, there are usually youtube walkthrouhgs on the bottom. One guy, I won't say his name, is so dry haha. All he does is say the exact solution that is already given by portswigger. Instead, look out for Z3nSh3ll videos, which would be linked right under. Not every lab has a Z3nSh3ll video. But a lot of the important ones do. For instance, just hit the XSS labs, there are like 30 of them. Just go one after the other, and Z3nSh3ll will explain it to you beautifully. He really talks you through it. The logic behind all the attacks, and how to conduct similar attacks it's the best.