Miscellaneous
Our miscellaneous resources that are available online.
Portable Test Pages:
Cool Resources:
- Security Assessment Report Generators
- Hacker Web Search Aggregator
- PHP Charset Encoder/String Cryptor
- Ad-free version of whatismyip.com - Quick check on your IP/Proxy information
- Pentest Wordlists - We host it for quick reference.
Web App Security Assessment Report Generator (WA-SARG)
To generate the assessment report, the following two well-known methodologies are used as frameworks or checklists. Practical skill with the tools and the underlying knowledge is required to perform the assessments accurately according to the defined methodology. Carrying out assessments that satisfy all the tasks listed in these methodologies ensures a reasonable level of security. They give pentesters baseline checklists so that nothing is missed. For more information, go to the PortSwigger website or buy "Web Application Hacker's Handbook" for PortSwigger, and download the OWASP Testing Guide from owasp.org. If you'd like to propose hybrid methodologies combined with your own experience, don't hesitate to contact us. Over time, these methodologies need to be updated to cope with evolving attack vectors and threats.
- PortSwigger
- OWASP Testing Guide v2
- OWASP Testing Guide v3
Privacy Policy:
- No data is sent to our server.
- Purely generated by JavaScript alone.
Some words:
- Avoid using it as a checklist if you have limited time; go for the low-hanging fruit first!
- Take a look at OWA-SM for overall Security Life Cycle.
- Choose tests to perform, delete untested tests.
- Tick the 'Yes' radio button if you find vulnerabilities, or 'No' if not.
- Tick the checkbox for tasks you've performed.
- Click Result/Note to write notes/results for your findings, fixes, etc.
Feel free to press 'Tab' there; it won't take you to the next checkbox.
The notation Result/Note** is used to show that you've written notes for the particular test.
- Click 'Generate Report' and print page (as PDF) for future reference.
- View samples - HTML & PDF.
Our Projects
- Web Application Security Papers Archived (WASPA)
Description: This project is a collection of web application security related documents, presentations, cheat sheets, guides and the like. As always, those resources are scattered among thousands of resources on the web. Some are really worth reading but are sadly largely unknown. The only noble aim of security students, professionals, or researchers is to bring reliable security and countermeasures to our next-generation IT communication. I attempt to support this aim by collecting resources together in one place, where they can be downloaded by those who are eager for stronger security.
Started: June 2008
- Virtual Hacking Lab
Description: This project is a mirror of deliberately insecure applications and old software with known vulnerabilities, used for proof-of-concept, security training and learning purposes. Available as virtual images, live ISOs or in standalone formats.
- The Ultimate Hacker Web Directory (HWD)
Description: Ever-updated Comprehensive Hacking/Security Links Repository
Goal: To be the Best Hacking Directory of All Times
Started: March 2008