The OWASP Top Ten Project
First, see the wiki entry on the project at:
The Top Ten proper:
While you’re at it, get the Testing Checklist:
You’ll need the OWASP Proactive Controls for Developers:
- Install the FoxyProxy plugin in Firefox.
- Download and set up Burp Suite. Configure FoxyProxy to use Burp as necessary.
- Download and set up OWASP ZAP.
- Set up XAMPP so you’ll have a local testing target:
- Download and set up bWAPP:
Practice and Process
In the Testing Guide, conduct the 4.2 Information Gathering steps.
Targets for Testing the OWASP Top 10 Vulnerabilities
- Root-me.org has Web Client and Web Server areas. You will need to set up an account.
- HackThisSite has several categories of challenges. Yes, create an account. You’ll use it.
- Mutillidae (included in Metasploitable2)
- DVWA: Damn Vulnerable Web App