GITBOOK-52: change request with no subject merged in GitBook

README (1).md

@@ -0,0 +1,41 @@
+# Introduction
+
+![OWASP security knowledge framework](./python/CSRF-weak/static/img/logo.svg)
+
+Here we find all the labs and write-ups for the security knowledge framework!\
+These labs are correlated to knowledge-base id's which are on their place\
+again correlated to security controls such as from the ASVS or NIST, etc.
+
+The labs are all downloadable from the following Github repository:
+
+{% hint style="info" %}
+[SKF Labs repo](https://github.com/Security-Knowledge-Framework/Labs)
+{% endhint %}
+
+The images can also be found on the skf docker hub. These skf-labs images are automatically pushed to the docker registry on each commit to the Github repository.
+
+## Useful tools
+
+First thing we need to do is to be able to investigate the requests that are being made by the labs/applications. We do this by setting up our intercepting proxy so we can gain more understanding of the application under test.
+
+{% hint style="info" %}
+Burp suite:\
+[https://portswigger.net/burp/communitydownload](https://portswigger.net/burp/communitydownload)
+{% endhint %}
+
+{% hint style="info" %}
+ZAP: For the latest features we want to advise to use the Weekly build of ZAP. This is using the latest and greatest improvements + Libraries [https://www.zaproxy.org/download/#weekly](https://www.zaproxy.org/download/#weekly)
+{% endhint %}
+
+## How to add a Lab & write-up
+
+When you want to contribute and add your own labs then please make sure you use the styling template in one of the lab challenges. We think its really important to have one look and feel and for able to merge your lab its required to use the SKF template. You can copy this from any of the labs we currently already have.
+
+For adding the write-up for the lab we advice to create a copy of on existing write-up and work from there or use the template.md file as a base. You can store all your images in .gitbook/assets/ and also make sure you correlate your lab to one of the knowledge base item identifier in SKF. When you completed the lab and the write-up you only have to add it to the SUMMARY.md file and you are ready to create your Pull Request.
+
+After the pull request you can find your nice styled write-up here: [https://skf.gitbook.io/asvs-write-ups/](https://skf.gitbook.io/asvs-write-ups/)
+
+## Deploying SKF Lab's from your terminal
+
+You can now deploy skf-lab from your terminal, with [joyghoshs/skf-cli](https://github.com/joyghoshs/skf-cli), you don't need to setup server if you don't want to with skf-cli you can deploy lab with security knowledge frameworks own api, if you want you can also search and deploy lab using skf-cli.
+

README.md

@@ -1,6 +1,6 @@
 # Introduction
 
-![OWASP security knowledge framework](./python/CSRF-weak/static/img/logo.svg)
+![security knowledge framework](python/CSRF-weak/static/img/logo.svg)
 
 Here we find all the labs and write-ups for the security knowledge framework!\
 These labs are correlated to knowledge-base id's which are on their place\
@@ -38,4 +38,3 @@ After the pull request you can find your nice styled write-up here: [https://skf
 ## Deploying SKF Lab's from your terminal
 
 You can now deploy skf-lab from your terminal, with [joyghoshs/skf-cli](https://github.com/joyghoshs/skf-cli), you don't need to setup server if you don't want to with skf-cli you can deploy lab with security knowledge frameworks own api, if you want you can also search and deploy lab using skf-cli.
-

auth-bypass-1/README.md

@@ -0,0 +1,2 @@
+# Auth Bypass - 1
+

auth-bypass-2/README.md

@@ -0,0 +1,2 @@
+# Auth Bypass - 2
+

auth-bypass-3/README.md

@@ -0,0 +1,2 @@
+# Auth-bypass - 3
+

auth-bypass-simple/README.md

@@ -0,0 +1,2 @@
+# Auth-bypass - Simple
+

auth-bypass/README.md

@@ -0,0 +1,2 @@
+# Auth Bypass
+

client-side-restriction-bypass-harder/README.md

@@ -0,0 +1,2 @@
+# Client Side Restriction Bypass - Harder
+

client-side-restriction-bypass/README.md

@@ -0,0 +1,2 @@
+# Client Side Restriction Bypass
+

client-side-template-injection-csti/README.md

@@ -0,0 +1,2 @@
+# Client Side Template Injection (CSTI)
+

command-injection-2-cmd-2/README.md

@@ -0,0 +1,2 @@
+# Command Injection 2 (CMD-2)
+

command-injection-3-cmd-3/README.md

@@ -0,0 +1,2 @@
+# Command Injection 3 (CMD-3)
+

command-injection-4-cmd-4/README.md

@@ -0,0 +1,2 @@
+# Command Injection 4 (CMD-4)
+

command-injection-4-cmd-4/python-command-injection-4-cmd-4.md

@@ -0,0 +1,2 @@
+# Python - Command Injection 4 (CMD-4)
+

command-injection-blind-cmd-blind/README.md

@@ -0,0 +1,2 @@
+# Command Injection Blind (CMD-Blind)
+

command-injection-cmd/README.md

@@ -0,0 +1,2 @@
+# Command Injection (CMD)
+

content-security-policy-csp/README.md

@@ -0,0 +1,2 @@
+# Content-Security-Policy (CSP)
+

cors-exploitation/README.md

@@ -0,0 +1,2 @@
+# CORS exploitation
+

credentials-guessing-2/README.md

@@ -0,0 +1,2 @@
+# Credentials Guessing - 2
+

credentials-guessing/README.md

@@ -0,0 +1,2 @@
+# Credentials Guessing
+

cross-site-scripting-attribute-xss-attribute/README.md

@@ -0,0 +1,2 @@
+# Cross Site Scripting - Attribute (XSS-Attribute)
+

cross-site-scripting-dom-2-xss-dom-2/README.md

@@ -0,0 +1,2 @@
+# Cross Site Scripting - DOM-2 (XSS-DOM-2)
+

cross-site-scripting-dom-xss-dom/README.md

@@ -0,0 +1,2 @@
+# Cross Site Scripting - DOM (XSS-DOM)
+

cross-site-scripting-href-xss-href/README.md

@@ -0,0 +1,2 @@
+# Cross Site Scripting - href (XSS-href)
+

cross-site-scripting-stored-xss-stored/README.md

@@ -0,0 +1,2 @@
+# Cross Site Scripting - Stored (XSS-Stored)
+

cross-site-scripting-xss/README.md

@@ -0,0 +1,2 @@
+# Cross Site Scripting (XSS)
+

csrf-samesite/README.md

@@ -0,0 +1,2 @@
+# CSRF - Samesite
+

csrf-weak/README.md

@@ -0,0 +1,2 @@
+# CSRF - Weak
+

csrf/README.md

@@ -0,0 +1,2 @@
+# CSRF
+

css-injection-cssi/README.md

@@ -0,0 +1,2 @@
+# CSS Injection (CSSI)
+

deserialisation-java-des-java/README.md

@@ -0,0 +1,2 @@
+# Deserialisation Java (DES-Java)
+

deserialisation-pickle-2-des-pickle-2/README.md

@@ -0,0 +1,2 @@
+# Deserialisation Pickle 2 (DES-Pickle-2)
+

deserialisation-pickle-des-pickle/README.md

@@ -0,0 +1,2 @@
+# Deserialisation Pickle (DES-Pickle)
+

deserialisation-yaml-des-yaml/README.md

@@ -0,0 +1,2 @@
+# Deserialisation Yaml (DES-Yaml)
+

dos-regex/README.md

@@ -0,0 +1,2 @@
+# DoS Regex
+

exposed-docker-daemon/README.md

@@ -0,0 +1,2 @@
+# Exposed docker daemon
+

file-upload/README.md

@@ -0,0 +1,2 @@
+# File upload
+

formula-injection/README.md

@@ -0,0 +1,2 @@
+# Formula Injection
+

graphql-dos/README.md

@@ -0,0 +1,2 @@
+# GraphQL DOS
+

graphql-idor/README.md

@@ -0,0 +1,2 @@
+# GraphQL IDOR
+

graphql-injections/README.md

@@ -0,0 +1,2 @@
+# GraphQL Injections
+

graphql-introspection/README.md

@@ -0,0 +1,2 @@
+# GraphQL Introspection
+

graphql-introspection/nodejs-graphql-introspection.md

@@ -0,0 +1,2 @@
+# NodeJS - GraphQL Introspection
+

graphql-mutations/README.md

@@ -0,0 +1,2 @@
+# GraphQL Mutations
+

host-header-injection-authentication-bypass/README.md

@@ -0,0 +1,2 @@
+# Host Header Injection (Authentication Bypass)
+

host-header-injection-authentication-bypass/python-httponly-session-hijacking-xss.md

@@ -0,0 +1,2 @@
+# Python - HttpOnly Session Hijacking XSS
+

httponly-session-hijacking-xss/README.md

@@ -0,0 +1,2 @@
+# HttpOnly Session Hijacking XSS
+

information-leakeage-in-comments/README.md

@@ -0,0 +1,2 @@
+# Information Leakeage in Comments
+

information-leakeage-in-metadata/README.md

@@ -0,0 +1,2 @@
+# Information Leakeage in Metadata
+

insecure-direct-object-references-idor/README.md

@@ -0,0 +1,2 @@
+# Insecure Direct Object References (IDOR)
+

jwt-null/README.md

@@ -0,0 +1,2 @@
+# JWT Null
+

jwt-secret/README.md

@@ -0,0 +1,2 @@
+# JWT Secret
+