Hello and welcome to this OWASP Top 10 training series. Today, you will practice XXE injection on OWASP WebGoat. By the end of this XXE tutorial, you will achieve the following goals: Exploit XXE to Read internal files from the vulnerable server. Pivot from XXE to SSRF Exploit a Blind XXE Perform the Billion laughs …
Hello and welcome to this new episode of the OWASP Top 10 training series. In this Sensitive Data Exposure tutorial, you will practice your skills on three challenges If you have no idea about this vulnerability, I invite you to read this blog post which explains Sensitive Data Exposure in detail. Make sure to subscribe …
Welcome to this new episode on the OWASP Top 10 vulnerabilities series. Today, you’ll learn about the OWASP Sensitive data exposure vulnerability. If you already now the theory behind this vulnerability, you can practice on this tutorial. The agenda will cover the following: Define what is sensitive data exposure Explain Sensitive data exposure types Show …
Welcome to this new episode of the OWASP Top 10 vulnerabilities course. Today, you are going to learn about Broken Authentication and Session Management. Last time, I explained the Injection vulnerability. New upcoming posts will teach you the remaining OWASP Top 10 vulnerabilities. Consider subscribing to the Friday Newsletter. What is Broken Authentication and Session …
Hello and welcome to this new episode of the OWASP Top 10 training series. In this Broken Authentication and Session Management tutorial, you will practice put your knowledge into action on hands-on attack examples. If you don’t know the theory behind this vulnerability, I highly recommend you read it first and then come back. In this …
Welcome to this new episode of the OWASP Top 10 training series. In this blog post, you are going to practice your skills on some SQL injection examples. In the first SQL injection example, we will exploit an error-based use case. Then, we are going to exploit a blind use case in the second SQL …
Welcome to this new episode of the OWASP Top 10 vulnerabilities course, where we explain in detail each vulnerability. In this blog post, you will learn SQL injection.This is a subset of the OWASP Top 10 injection vulnerabilities. If you’d like to have a bigger picture of Injection, I invite you to read this blog …
Welcome back to the OWASP Top 10 training series. Today, we are going to install OWASP Juice Shop using both Heroku and Docker. This is the last step in our OWASP Top 10 lab setup. Last time, we installed OWASP WebGoat. I’ve chosen to add it in this application so that we can experiment with …
Welcome back to the OWASP Top 10 training series. Today, you are going to learn how to install OWASP WebGoat and OWASP WebWolf using both java and Docker. We are slowly but surely building out our OWASP Top 10 lab to start practicing how to exploit the OWASP Top 10 vulnerabilities. If you haven’t been …