Ksaivinay0708/OWASP

OWASP-Top-10-practice

This repository is used to save the results of learning web application security through practice. It contains files organized by the OWASP Top 10 2013 categories. Initially these files contained vulnerable code; after testing, the vulnerabilities were patched. You may use these files for your own experiments, and it is very easy to make the files vulnerable again.

Links used while learning, grouped by category:

A10. Unvalidated Redirects and Forwards
https://www.owasp.org/index.php/Top_10_2013-A10-Unvalidated_Redirects_and_Forwards

A9. Using Components with Known Vulnerabilities
https://www.owasp.org/index.php/Top_10_2013-A9-Using_Components_with_Known_Vulnerabilities

A8. Cross-Site Request Forgery
https://www.owasp.org/index.php/Top_10_2013-A8-Cross-Site_Request_Forgery_(CSRF)
https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet
https://www.owasp.org/index.php/Testing_for_CSRF_(OTG-SESS-005)
https://www.owasp.org/index.php/Reviewing_code_for_Cross-Site_Request_Forgery_issues
https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)
http://cwe.mitre.org/data/definitions/352.html
https://en.wikipedia.org/wiki/Cross-site_request_forgery#_note-1

A7. Missing Function Level Access Control
https://www.owasp.org/index.php/Top_10_2007-Failure_to_Restrict_URL_Access
https://www.owasp.org/index.php/Top_10_2013-A7-Missing_Function_Level_Access_Control
https://www.owasp.org/index.php/Path_Traversal
https://www.owasp.org/index.php/Testing_Directory_traversal/file_include_(OTG-AUTHZ-001)
https://www.owasp.org/index.php/Category:Access_Control
https://www.owasp.org/index.php/Access_Control_Cheat_Sheet#tab=Introduction
https://www.owasp.org/index.php/Forced_browsing
http://cwe.mitre.org/data/definitions/285.html

A6. Sensitive Data Exposure
https://www.owasp.org/index.php/Top_10_2013-A6-Sensitive_Data_Exposure
https://www.owasp.org/index.php/Cryptographic_Storage_Cheat_Sheet
https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet
https://www.owasp.org/index.php/Transport_Layer_Protection_Cheat_Sheet
https://www.owasp.org/index.php/Testing_for_SSL-TLS_(OWASP-CM-001)
http://cwe.mitre.org/data/definitions/319.html
http://cwe.mitre.org/data/definitions/310.html
http://cwe.mitre.org/data/definitions/312.html
http://cwe.mitre.org/data/definitions/326.html

A5. Security Misconfiguration
http://cwe.mitre.org/data/definitions/2.html
https://www.owasp.org/index.php/Top_10_2013-A5-Security_Misconfiguration
https://www.owasp.org/index.php/A10_2004_Insecure_Configuration_Management
https://www.owasp.org/index.php/Testing_for_Error_Code_(OTG-ERR-001)
https://www.owasp.org/index.php/Error_Handling
https://www.owasp.org/index.php/Configuration
https://www.pcmag.com/article2/0,2817,11525,00.asp
https://www.owasp.org/index.php/Testing_for_configuration_management

A4. Insecure Direct Object References
http://cwe.mitre.org/data/definitions/639.html
https://www.owasp.org/index.php/Top_10_2007-Insecure_Direct_Object_Reference
https://www.owasp.org/index.php/Testing_Directory_traversal/file_include_(OTG-AUTHZ-001)
http://cwe.mitre.org/data/definitions/22.html

A3. Cross-site Scripting
https://www.owasp.org/index.php/Data_Validation
https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)
https://www.owasp.org/index.php/Types_of_Cross-Site_Scripting
https://www.owasp.org/index.php/Testing_for_Reflected_Cross_site_scripting_(OTG-INPVAL-001)
https://www.owasp.org/index.php/Testing_for_Stored_Cross_site_scripting_(OTG-INPVAL-002)
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet
https://www.owasp.org/index.php/DOM_Based_XSS
https://www.owasp.org/index.php/Testing_for_DOM-based_Cross_site_scripting_(OTG-CLIENT-001)
https://www.owasp.org/index.php/DOM_based_XSS_Prevention_Cheat_Sheet
https://www.owasp.org/images/c/c5/Unraveling_some_Mysteries_around_DOM-based_XSS.pdf
https://www.owasp.org/index.php/Reviewing_Code_for_Cross-site_scripting
https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet
https://www.owasp.org/index.php/Content_Security_Policy
http://seclists.org/fulldisclosure/2006/Feb/40
http://capec.mitre.org/data/definitions/64.html
http://cwe.mitre.org/data/definitions/79.html
http://cwe.mitre.org/data/definitions/184.html
http://cwe.mitre.org/data/definitions/80.html
http://cwe.mitre.org/data/definitions/81.html
http://cwe.mitre.org/data/definitions/83.html
http://cwe.mitre.org/data/definitions/84.html
http://cwe.mitre.org/data/definitions/85.html
http://cwe.mitre.org/data/definitions/86.html
http://cwe.mitre.org/data/definitions/87.html
http://cwe.mitre.org/data/definitions/692.html
http://cwe.mitre.org/data/definitions/621.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5770
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0971
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5249

A2. Broken authentication and session management
https://www.owasp.org/index.php/Forgot_Password_Cheat_Sheet
https://www.owasp.org/index.php/Authentication_Cheat_Sheet
https://static.javadoc.io/org.owasp.esapi/esapi/2.1.0.1/org/owasp/esapi/Authenticator.html
http://cwe.mitre.org/data/definitions/287.html
https://www.owasp.org/index.php/Session_fixation
http://cwe.mitre.org/data/definitions/384.html
http://www.acros.si/papers/session_fixation.pdf
https://www.owasp.org/index.php/Testing_for_authentication
https://www.owasp.org/index.php/Session_Management_Cheat_Sheet

A1. Injection Flaws
https://www.owasp.org/index.php/SQL_Injection_Bypassing_WAF
http://cwe.mitre.org/data/definitions/89.html
https://www.owasp.org/index.php/Testing_for_SQL_Injection_(OTG-INPVAL-005)
https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet
https://www.owasp.org/index.php/Query_Parameterization_Cheat_Sheet
https://www.owasp.org/index.php/Command_Injection
https://www.owasp.org/index.php/Code_Injection
https://www.owasp.org/index.php/Reviewing_Code_for_SQL_Injection
https://www.netsparker.com/blog/web-security/sql-injection-cheat-sheet/
http://cwe.mitre.org/data/definitions/77.html
https://www.owasp.org/index.php/Data_Validation
https://www.owasp.org/index.php/Server-Side_Includes_(SSI)_Injection
https://habrahabr.ru/post/148701/
https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Processing
https://gist.github.com/staaldraad/01415b990939494879b4
https://www.owasp.org/index.php/XPATH_Injection
