Owasp Top-10 2013-2017

If you are new to web-pentesting and eager to learn and practice OWASP Top 10, I recommend first download OWASP Broken Web Applications Project(bWAPP). As I have demonstrated the vulnerabilities using this Resources. So going along through my blogs you can also practice and learn.

Owasp Top-10 2013

• A1-Injection
  • HTML Injection -Reflected (GET)
  • HTML Injection -Reflected (POST)
  • HTML Injection -Reflected (URL)
  • HTML Injection -Stored (Blog)
  • iFrame Injection
  • OS Command Injection
  • OS Command Injection –Blind
  • PHP Code Injection
  • Server-Side Includes (SSI) Injection
  • SQL Injection (Search/GET)
  • SQL Injection (Select/GET)
  • SQL Injection (Search/POST)
  • SQL Injection (POST/Select)
  • SQL Injection (AJAX/JSON/jQuery)
  • SQL Injection (CAPTCHA)
  • SQL Injection (Login Form/Hero)
  • SQL Injection (Login Form/User)
  • SQL Injection (SQLite)
  • SQL Injection (Drupal)
  • SQL Injection -Stored (Blog)
  • SQL Injection -Stored (SQLite)
  • SQL Injection -Stored (User-Agent)
  • SQL Injection -Blind -Boolean-Based
  • SQL Injection -Blind -Time-Based
  • XML/XPath Injection (Login Form)
  • XML/XPath Injection (Search)
• A2-Broken Authentication and Session Management
• A3-Cross-Site Scripting (XSS)
• A4-Insecure Direct object Reference
• A5-Security Misconfiguration
• A6-Sensitive Data Exposure
• A7-Missing Function Level Access Control
• A8-Cross-Site Request Forgery (CSRF)
• A9-Using Components with known Vulnerability
• A10-Unvalidated Redirects & Forwards

~ Hack the World and Stay Noob

Twitter / Hack The Box / CTF Team / Teck_N00bs Community Telegram

• iFrame Injection 07 Feb 2018

• XML\XPath Injection (Search) 07 Feb 2018

• XML\XPath Injection (Login Form) 07 Feb 2018

• Server-Side Includes (SSI) Injection 07 Feb 2018

• SQL Injection -Stored (User-Agent) 07 Feb 2018

• SQL Injection -Stored (SQLite) 07 Feb 2018

• SQL Injection -Stored (Blog) 07 Feb 2018

• SQL Injection -Blind -Time-Based 07 Feb 2018

• SQL Injection -Blind -Boolean-Based 07 Feb 2018

• SQL Injection (Search\GET) 07 Feb 2018

• SQL Injection (SQLite) 07 Feb 2018

• SQL Injection (POST\Select) 07 Feb 2018

• SQL Injection (Login Form\User) 07 Feb 2018

• SQL Injection (Login Form\Hero) 07 Feb 2018

• SQL Injection (Drupal) 07 Feb 2018

• SQL Injection (Select\GET) 07 Feb 2018

• SQL Injection (Search\POST) 07 Feb 2018

• SQL Injection (CAPTCHA) 07 Feb 2018

• SQL Injection (AJAX\JSON\jQuery) 07 Feb 2018

• PHP Code Injection 07 Feb 2018

• OS Command Injection –Blind 07 Feb 2018

• OS Command Injection 07 Feb 2018

• HTML Injection -Stored (Blog) 07 Feb 2018

• HTML Injection -Reflected (URL) 07 Feb 2018

• HTML Injection-Reflected (POST) 07 Feb 2018

• HTML Injection-Reflected (GET) 07 Feb 2018

• (OWASP) A9-Using Components with known Vulnerability 30 Jan 2018

• (OWASP) A8-Cross-Site Request Forgery (CSRF) 30 Jan 2018

• (OWASP) A7-Missing Function Level Access Control 30 Jan 2018

• (OWASP) A6-Sensitive Data Exposure 30 Jan 2018

• (OWASP) A5-Security Misconfiguration 30 Jan 2018

• (OWASP) A4-Insecure Direct object Reference 30 Jan 2018

• (OWASP) A3-Cross-Site Scripting (XSS) 30 Jan 2018

• (OWASP) A2-Broken Authentication and Session Management 30 Jan 2018

• (OWASP) A10-Unvalidated Redirects & Forwards 30 Jan 2018

• (OWASP) A1-Injection 30 Jan 2018