Awesome Web Security: A Curated List of Resources for Web Security
This repository profile is provided by osrepos.com, an open source repository discovery platform.
Summary
Awesome Web Security is a comprehensive GitHub repository featuring a curated list of materials and resources for web security. It covers a wide range of topics, from common vulnerabilities like XSS and SQL Injection to advanced penetration testing techniques and tools. This list is an invaluable asset for anyone looking to learn or deepen their knowledge in web security.
Repository Information
Topics
Click on any tag to explore related repositories
Use at your own risk
OSRepos shares public repositories for knowledge and discovery only. Any installation, execution, configuration, or use of code from these repositories is the user's own responsibility. Always review the repository, source code, dependencies, licenses, and security implications before running or installing anything. OSRepos is not responsible for issues, damages, or losses resulting from third-party repositories.
Introduction
The awesome-web-security repository by qazbnm456 is an extensive collection of resources dedicated to web security. It serves as a go-to guide for learning cutting-edge penetration techniques, understanding various web vulnerabilities, and discovering essential tools. This curated list aims to help combat common website security issues stemming from misconfigurations or a lack of security skills among engineers.
Installation
While awesome-web-security is primarily a list of resources, it also ships as a Claude Code Skill, allowing AI agents to query its content at runtime. To install it as a skill, you can use the following command:
npx skills add qazbnm456/awesome-web-security -a claude-code -g -y
Alternatively, within Claude Code, use the plugin marketplace:
/plugin marketplace add qazbnm456/awesome-web-security
/plugin install awesome-web-security
For Codex, swap -a claude-code ? -a codex.
Examples
The repository is meticulously organized, covering a vast array of web security topics. For instance, the 'Introduction' section delves into specific vulnerabilities such as XSS (Cross-Site Scripting), SQL Injection, CSRF (Cross-Site Request Forgery), and SSRF (Server-Side Request Forgery). It also provides insights into less common but critical issues like Prototype Pollution, CSV Injection, and various types of Evasions (e.g., XXE, CSP, WAF).
Beyond theoretical knowledge, awesome-web-security lists numerous 'Tools' for auditing, reconnaissance (OSINT, Sub Domain Enumeration), scanning, and penetration testing. It also includes 'Practices' sections with vulnerable applications and challenges (like XSS challenges) to hone practical skills.
Why Use
This repository is an indispensable resource for security researchers, penetration testers, and developers alike. Its comprehensive nature, covering both foundational concepts and advanced techniques, makes it suitable for various skill levels. The inclusion of tools, practices, and a dedicated section for AI assistant integration demonstrates its commitment to staying current with the evolving landscape of web security. Whether you're looking to learn new attack vectors, find specific tools, or practice your skills, awesome-web-security provides a structured and up-to-date collection.
Links
- GitHub Repository: qazbnm456/awesome-web-security
- Author's X (formerly Twitter): @boik_su
- Author's Patreon: Patreon
Related repositories
Similar repositories that may be relevant next.

Awesome V: A Curated List of V Language Resources
July 10, 2026
Awesome V is a comprehensive, curated list of frameworks, libraries, software, and resources for the V programming language. It serves as an invaluable guide for developers looking to explore and utilize the V ecosystem. This repository helps users discover a wide range of applications, tools, and learning materials related to V development.
build-your-own-x: Master Programming by Recreating Technologies from Scratch
July 10, 2026
The build-your-own-x repository is an extensive collection of well-written, step-by-step guides for mastering programming by rebuilding popular technologies from scratch. It encourages deep understanding through practical application, offering tutorials across various domains from operating systems to web servers. This resource is perfect for developers looking to enhance their skills by tackling challenging, hands-on projects.

Awesome Streaming: A Curated List of Streaming Frameworks and Applications
July 8, 2026
Awesome Streaming is a comprehensive, curated list of resources dedicated to stream processing. It features a wide array of streaming frameworks, applications, libraries, and related tools. This repository serves as an excellent starting point for developers and engineers exploring the world of real-time data processing.

awesome-sysadmin: A Curated List of Essential Open-Source Sysadmin Resources
May 6, 2026
awesome-sysadmin is a comprehensive GitHub repository featuring a curated list of open-source tools and resources for system administrators. It covers a wide array of categories, from automation and backups to monitoring and virtualization, making it an invaluable resource for anyone managing IT infrastructure. This list helps sysadmins discover robust and free solutions to streamline their daily operations.
Source repository
Open the original repository on GitHub.