[ Auditing With OWASP ] :: [ Introduction ]

This entry is part 2 of 4 in the series [ Auditing With the OWASP Top 10 ]

The OWASP Top Ten Project

First, see the project page at: https://owasp.org/www-project-top-ten/
While you’re at it, get the Testing Checklist: https://www.owasp.org/index.php/Testing_Checklist
You’ll need the OWASP Proactive Controls for Developers: https://www.owasp.org/images/b/bc/OWASP_Top_10_Proactive_Controls_V3.pdf

Assignments

Install the FoxyProxy plugin in Firefox. Download and set up Burp Suite. Configure FoxyProxy to send traffic through Burp as necessary. Download and …

[ Auditing With OWASP ] :: [ Vulnerability A1: Injection ]

This entry is part 3 of 4 in the series [ Auditing With the OWASP Top 10 ]

Vulnerability A1: Injection

Remember to get the OWASP Proactive Controls for Developers: https://www.owasp.org/images/b/bc/OWASP_Top_10_Proactive_Controls_V3.pdf

Practice and Process

Open a browser tab to: https://www.owasp.org/index.php/OWASP_Testing_Guide_v4_Table_of_Contents
Once you are there, search within the page to highlight every occurrence of “injection”. Scroll down to the HTML injection and CSS injection entries. Open and read those sections. See this video on …

[ Auditing With OWASP ] :: [ Vulnerability A7: Cross-Site Scripting (XSS) ]

This entry is part 4 of 4 in the series [ Auditing With the OWASP Top 10 ]

Vulnerability A7: Cross-Site Scripting (XSS)

XSS is oh, so useful for oh, so many things. Here’s a summary: https://owasp.org/www-project-top-ten/OWASP_Top_Ten_2017/Top_10-2017_A7-Cross-Site_Scripting_(XSS)

Practice and Process

Okay, start here: https://www.owasp.org/index.php/OWASP_Testing_Guide_v4_Table_of_Contents
You’ll see that the wiki is “retired”, and the new website (hopefully) holds all the old material too. We need the XSS Filter Evasion Cheat Sheet: https://owasp.org/www-community/xss-filter-evasion-cheatsheet
Scan down the …
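Both the A1 entry (the HTML injection sections of the Testing Guide) and the A7 entry (the XSS Filter Evasion Cheat Sheet) come down to the same audit question: when untrusted input is reflected into a page, does anything reach the browser that can run? The block below is an added example written for this page; it is not code from the series, from OWASP, or from any of the tools mentioned. It renders one reflected search term three ways (no treatment, a naive blocklist filter, and the contextual output encoding that Proactive Control C4 calls for) and scores each against a handful of constructed payloads in the style of the evasion cheat sheet. The function names (renderUnescaped, naiveFilter, encodeForHtml, auditRenderer), the payload list, and the crude “active content” oracle are all this example’s own assumptions, not an OWASP artifact.

```javascript
// Added example (not from the original series or from OWASP): one reflected
// parameter rendered three ways and audited with a crude oracle. All names
// and payloads here are this example's own.

// Constructed inputs: a benign value plus evasion-style payloads
// (other tag than <script>, case games, a nested tag that survives one strip).
const SAMPLE_INPUTS = {
  benign: "O'Neil & Sons <sales@example.com>",
  scriptTag: '<script>alert(1)</script>',
  mixedCase: '<ScRiPt>alert(1)</ScRiPt>',
  imgOnerror: '<IMG SRC=x onerror=alert(1)>',
  nestedTag: '<scr<script>ipt>alert(1)</script>',
};

// 1. Vulnerable: the search term is reflected straight into the HTML body.
function renderUnescaped(term) {
  return `<p>Results for: ${term}</p>`;
}

// 2. Still vulnerable: a blocklist "filter" that strips literal <script>
//    tags in one pass. Other tags, case changes and nested tags get through.
function naiveFilter(term) {
  return term.replace(/<script>/g, '').replace(/<\/script>/g, '');
}
function renderFiltered(term) {
  return `<p>Results for: ${naiveFilter(term)}</p>`;
}

// 3. Hardened: entity-encode every character that can open a tag, close an
//    attribute or start an entity before it lands in an HTML body context
//    (Proactive Control C4, "Encode and Escape Data").
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;',
  '"': '&quot;', "'": '&#x27;', '/': '&#x2F;',
};
function encodeForHtml(value) {
  return String(value).replace(/[&<>"'\/]/g, (c) => HTML_ESCAPES[c]);
}
function renderEncoded(term) {
  return `<p>Results for: ${encodeForHtml(term)}</p>`;
}

// Crude audit oracle for this example only (not a general XSS detector):
// flags a script-capable element, or an on* handler attribute inside a tag.
// The template's own <p> carries no attributes, so any hit came from the term.
const ACTIVE_CONTENT =
  /<\s*(script|img|svg|iframe|object|embed)\b|<[a-z][^>]*\son[a-z]+\s*=/i;
function isActive(html) {
  return ACTIVE_CONTENT.test(html);
}

// Run every sample through a renderer; return the names that yield active
// content. An empty list means the renderer held for these payloads.
function auditRenderer(render, inputs = SAMPLE_INPUTS) {
  return Object.keys(inputs).filter((name) => isActive(render(inputs[name])));
}

// Stand-alone run: which payloads does each renderer let through?
if (typeof require !== 'undefined' && require.main === module) {
  const renderers = { renderUnescaped, renderFiltered, renderEncoded };
  for (const [name, render] of Object.entries(renderers)) {
    console.log(name.padEnd(16), auditRenderer(render));
  }
}
```

The point to take from running it: the blocklist stops exactly one payload (the literal lowercase `<script>`), which is why the cheat sheet is a list of ways to phrase the same thing differently, while output encoding needs no knowledge of payloads at all because it changes the context the browser parses the input in. The oracle is deliberately simple and only scores the constructed samples; a real audit uses Burp and the Testing Guide procedure the entry points at.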