OWASP Top 10
Learn about and exploit each of the vulnerabilities; the 10 most critical web security risks.
| Room Attributes | Value |
|---|---|
| Subscription Required | False [Free] |
| Type | Walkthrough |
| Difficulty | Easy |
| Tags | OWASP, Top 10, Injection, Broken Authentication |
Task 1 Introduction
This room breaks each category in the OWASP Top 10 (2017) project down and includes details on what the vulnerability is, how it occurs and how you can exploit it. You will put the theory into practice by completing supporting challenges.
Injection
Broken Authentication
Sensitive Data Exposure
XML External Entity
Broken Access Control
Security Misconfiguration
Cross-site Scripting
Insecure Deserialization
Components with Known Vulnerabilities
Insufficient Logging & Monitoring
The room has been designed for beginners and assumes no previous knowledge of security.
Read the above.
No answer needed
Task 2 Accessing machines
Connect to our network or deploy the AttackBox.
No answer needed
Task 3 [Severity 1] Injection
I've understood Injection attacks.
No answer needed
Task 4 [Severity 1] OS Command Injection
I've understood command injection.
No answer needed
Task 5 [Severity 1] Command Injection Practical
Task 5 - Command Injection Practical
Task 6 [Severity 2] Broken Authentication
I've understood broken authentication mechanisms.
No answer needed
Task 7 [Severity 2] Broken Authentication Practical
Task 7 - Broken Authentication Practical
Task 8 [Severity 3] Sensitive Data Exposure (Introduction)
Read the introduction to Sensitive Data Exposure and deploy the machine.
No answer needed
Task 9 [Severity 3] Sensitive Data Exposure (Supporting Material 1)
Read and understand the supporting material on SQLite Databases.
No answer needed
Task 10 [Severity 3] Sensitive Data Exposure (Supporting Material 2)
Read the supporting material about cracking hashes.
No answer needed
Task 11 [Severity 3] Sensitive Data Exposure (Challenge)
Task 11 - Sensitive Data Exposure (Challenge)
Task 12 [Severity 4] XML External Entity
Deploy the machine attached to the task.
No answer needed
Task 13 [Severity 4] XML External Entity - eXtensible Markup Language
Task 13 - XML External Entity - eXtensible Markup Language
Task 14 [Severity 4] XML External Entity - DTD
Task 14 - XML External Entity - DTD
Task 15 [Severity 4] XML External Entity - XXE Payload
Try the payload mentioned in the description on the website.
No answer needed
Task 16 [Severity 4] XML External Entity - Exploiting
Task 16 - XML External Entity - Exploiting
Task 17 [Severity 5] Broken Access Control
Read and understand how broken access control works.
No answer needed
Task 18 [Severity 5] Broken Access Control (IDOR Challenge)
Task 18 - Broken Access Control (IDOR Challenge)
Task 19 [Severity 6] Security Misconfiguration
Task 19 - Security Misconfiguration
Task 20 [Severity 7] Cross-site Scripting
Task 20 - Cross-site Scripting
Task 21 [Severity 8] Insecure Deserialization
Task 21 - Insecure Deserialization
Task 22 [Severity 8] Insecure Deserialization - Objects
Select the correct term for the following statement: "if a dog was sleeping", would this be: A) A State, B) A Behaviour
Task 23 [Severity 8] Insecure Deserialization - Deserialization
What is the name of the base-2 formatting that data is sent across a network as?
Task 24 [Severity 8] Insecure Deserialization - Cookies
Task 24 - Insecure Deserialization - Cookies
Task 25 [Severity 8] Insecure Deserialization - Cookies Practical
Task 25 - Insecure Deserialization - Cookies Practical
Task 26 [Severity 8] Insecure Deserialization - Code Execution
flag.txt
Task 27 [Severity 9] Components With Known Vulnerabilities - Intro
Read above.
No answer needed
Task 28 [Severity 9] Components With Known Vulnerabilities - Exploit
Read the above!
No answer needed
Task 29 [Severity 9] Components With Known Vulnerabilities - Lab
How many characters are in /etc/passwd? (Use wc -c /etc/passwd to get the answer.)
HINT: You know it's a bookstore application, so you should check for recent unauthenticated bookstore app RCEs.
Task 30 [Severity 10] Insufficient Logging and Monitoring
Task 30 - Insufficient Logging and Monitoring
Task 31 What Next?
Donate to the OWASP Foundation!
Read the above!
No answer needed