OWASP tutorials, training, videos, and content.
Hello and welcome to this OWASP Top 10 vulnerabilities course. Today’s blog post is about Injection. By the end of this post, you will have understood the following points: What is OWASP Top 10 Injection? Why Injection is on the top of the OWASP Top 10 vulnerabilities? What is the difference between error and blind-based …
If you are here, chances are that you want to learn web application security or the OWASP Top 10, but you don’t know where to start. Well, let me tell you that you came to the right place. I’m a penetration tester who enjoys breaking into my clients’ infrastructure and web applications. Besides, I train …
Hello and welcome to this last episode of the OWASP Top 10 series. Today’s subject is about Insufficient logging and monitoring. The world of information security is an ever-changing landscape. Every day, new vulnerabilities emerge and new exploits get published. However, this is just the tip of the iceberg. In fact, there are so many …
Hello dear readers and welcome to this new OWASP Top 10 episode. Today, you will learn why using components with known vulnerabilities is bad, how to exploit it and how to mitigate it. So far, we’ve seen how you can write secure code which doesn’t expose security vulnerabilities. However, you might write 100% secure code …
Hello ethical hackers and welcome to this new episode of the OWASP Top 10 vulnerabilities series. In this blog post, you will learn Insecure Deserialization vulnerability. The plan is as follows: Insecure deserialization definition: This where you will learn the key terminologies and concepts behind this vulnerability, Examples of insecure deserialization in different programming languages: …
Hello ethical hackers! Welcome to this new episode of the OWASP Top 10 vulnerabilities series. In this article, you will learn Cross-Site Scripting (XSS). I’ve prepared a free practical testing lab VM which contains the best vulnerable web applications. The best approach to learn hacking is practice! There is so much content addressing this subject, …
Hello dear readers and welcome to this new OWASP Top 10 vulnerabilities episode. Today’s article is about Security misconfiguration. You will learn one of the most impactful vulnerabilities which some bug bounty hunters specialize in. Yet, many security testers overlook it. We will explore the following points: Define Security misconfiguration: First, we need to start …
Hello ethical hackers, welcome to a new chapter of the OWASP Top 10 vulnerabilities series. In this article, we will explore OWASP Broken Access Control. You will learn the following: What is Broken Access Control? What are access control vulnerabilities, and how to exploit them? Attacks in the wild What is the impact of Broken …
Hello ethical hackers and welcome to this new episode of the OWASP Top 10 vulnerabilities series. In this blog post, you will learn all aspects of the IDOR vulnerability. You will start with the basics and gradually build your knowledge. When you finish reading this article, you will have a solid understanding of IDOR. Besides, …
Hello ethical hackers and welcome again to this OWASP Top 10 training series. In this hands-on IDOR tutorial, you will practice what you’ve learned about the IDOR vulnerability we explored earlier. Specifically, you will leverage IDOR to: Access other users’ data using simple IDs and UUIDs Impersonate other users Hunt for hard IDs Delete other …