https://owasp.org/www-project-top-ten/ https://owasp.org/www-project-top-ten/OWASP_Top_Ten_2017/
https://owasp.org/www-project-top-ten/OWASP_Top_Ten_2017/Top_10-2017_Top_10.html
https://owasp.org/www-project-top-ten/OWASP_Top_Ten_2017/Top_10-2017_A1-Injection
- How to test
- How to prevent
- Where to practice
- https://redtiger.labs.overthewire.org/
- https://www.hacksplaining.com/exercises/sql-injection
- Your old, not patched router administration panel (PING functionality)
https://owasp.org/www-project-top-ten/OWASP_Top_Ten_2017/Top_10-2017_A2-Broken_Authentication
- How to test
- https://cheatsheetseries.owasp.org/cheatsheets/Authentication_Cheat_Sheet.html
- https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html
- https://cheatsheetseries.owasp.org/cheatsheets/Forgot_Password_Cheat_Sheet.html
- https://cheatsheetseries.owasp.org/cheatsheets/Credential_Stuffing_Prevention_Cheat_Sheet.html
- How to prevent
- https://pages.nist.gov/800-63-3/sp800-63b.html#memsecret
- https://owasp.org/www-project-application-security-verification-standard/, section
V2: Authentication Verification Requirements
- Where to practice?
- Just test your own application ;)
https://owasp.org/www-project-top-ten/OWASP_Top_Ten_2017/Top_10-2017_A3-Sensitive_Data_Exposure
- How to test
- https://www.ssllabs.com/ssltest/
- https://github.com/sullo/nikto
- https://cheatsheetseries.owasp.org/cheatsheets/Transport_Layer_Protection_Cheat_Sheet.html
- https://cheatsheetseries.owasp.org/cheatsheets/User_Privacy_Protection_Cheat_Sheet.html
- https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html
- https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html
- How to prevent *