[ Auditing With OWASP ] :: [ Class 1: Beginning ]

OWASP
This entry is part 2 of 3 in the series [ Auditing With the OWASP Top 10 ]

The OWASP Top Ten Project

First, see the wiki entry on the project at: https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project

The Top Ten proper: https://www.owasp.org/images/7/72/OWASP_Top_10-2017_%28en%29.pdf.pdf (yes really).

While you’re at it, get the Testing Checklist: https://www.owasp.org/index.php/Testing_Checklist

You’ll need the OWASP Proactive Controls for Developers: https://www.owasp.org/images/b/bc/OWASP_Top_10_Proactive_Controls_V3.pdf

Assignments

Install the FoxyProxy plugin in Firefox. Download and set up Burp Suite. Configure FoxyProxy …

[ Auditing With OWASP ] :: [ Class 2: Injection ]

OWASP
This entry is part 3 of 3 in the series [ Auditing With the OWASP Top 10 ]

Vulnerability A1: Injection

Remember to get the OWASP Proactive Controls for Developers: https://www.owasp.org/images/b/bc/OWASP_Top_10_Proactive_Controls_V3.pdf

Practice and Process

Open a browser tab to: https://www.owasp.org/index.php/OWASP_Testing_Guide_v4_Table_of_Contents

Once you are there, do a search in the page to highlight all occurrences of injection. Scroll down to the HTML and CSS injections. Open and read those sections. See this video on …