看看理论阅读web安全深度剖析
乌云网:http://www.anquan.us/search?keywords=&&content_search_by=by_drops&&search_by_html=False&&page=1
漏洞靶场搭建:https://blog.csdn.net/whatday/article/details/97761595
漏洞银行:http://skills.bugbank.cn/
SQL注入关联分析:www.anquan.us/static/drops/web-16972.html
Python urllib HTTP头注入漏洞:http://www.anquan.us/static/drops/papers-16905.html
BurpSuite插件开发指南之 Python 篇:http://www.anquan.us/static/drops/tools-16261.html
