OWASP Top 10

Learn about and exploit each of the vulnerabilities; the 10 most critical web security risks.

Room Attributes

Value

Subscription Required

False [Free]

Type

Walkthrough

Difficulty

Easy

Task 1 Introduction

This room breaks each category in the OWASP Top 10 (2017) project down and includes details on what the vulnerability is, how it occurs and how you can exploit it. You will put the theory into practise by completing supporting challenges.

Injection
Broken Authentication
Sensitive Data Exposure
XML External Entity
Broken Access Control
Security Misconfiguration
Cross-site Scripting
Insecure Deserialization
Components with Known Vulnerabilities
Insufficent Logging & Monitoring

The room has been designed for beginners and assume no previous knowledge of security.

Read the above.

No answer needed

Task 2 Accessing machines

Connect to our network or deploy the AttackBox.

No answer needed

Task 3 [Severity 1] Injection

I've understood Injection attacks.

No answer needed

Task 4 [Severity 1] OS Command Injection

I've understood command injection.

No answer needed

Task 5 [Severity 1] Command Injection Practical

Task 6 [Severity 2] Broken Authentication

I've understood broken authentication mechanisms.

No answer needed

Task 7 [Severity 2] Broken Authentication Practical

Task 8 [Severity 3] Sensitive Data Exposure (Introduction)

Read the introduction to Sensitive Data Exposure and deploy the machine.

No answer needed

Task 9 [Severity 3] Sensitive Data Exposure (Supporting Material 1)

Read and understand the supporting material on SQLite Databases.

No answer needed

Task 10 [Severity 3] Sensitive Data Exposure (Supporting Material 2)

Read the supporting material about cracking hashes.

No answer needed

Task 11 [Severity 3] Sensitive Data Exposure (Challenge)

Task 12 [Severity 4] XML External Entity

Deploy the machine attached to the task.

No answer needed

Task 13 [Severity 4] XML External Entity - eXtensible Markup Language

Task 14 [Severity 4] XML External Entity - DTD

Task 15 [Severity 4] XML External Entity - XXE Payload

Try the payload mentioned in description on the website.

No answer needed

Task 16 [Severity 4] XML External Entity - Exploiting

Task 17 [Severity 5] Broken Access Control

Read and understand how broken access control works.

No answer needed

Task 18 [Severity 5] Broken Access Control (IDOR Challenge)

Task 19 [Severity 6] Security Misconfiguration

Task 20 [Severity 7] Cross-site Scripting

Task 21 [Severity 8] Insecure Deserialization

Task 22 [Severity 8] Insecure Deserialization - Objects

Select the correct term of the following statement "if a dog was sleeping", would this be: A) A State, B) A Behaviour

Task 23 [Severity 8] Insecure Deserialization - Deserialization

What is the name of the base-2 formatting that data is sent across a network as?

Task 24 [Severity 8] Insecure Deserialization - Cookies

Task 25 [Severity 8] Insecure Deserialization - Cookies Practical

Task 26 [Severity 8] Insecure Deserialization - Code Execution

flag.txt

Task 27 [Severity 9] Components With Known Vulnerabilities - Intro

Read above.

No answer needed

Task 28 [Severity 9] Components With Known Vulnerabilities - Exploit

Read the above!

No answer needed

Task 29 [Severity 9] Components With Known Vulnerabilities - Lab

How many characters are in /etc/passwd (use wc -c /etc/passwd to get the answer)

HINT: You know its a bookstore application, you should check for recent unauthenticated bookstore app rce's.

Task 30 [Severity 10] Insufficient Logging and Monitoring

Task 31 What Next?

Donate to the OWASP Foundation!

Read the above!

No answer needed

PreviousTask 6 - What is Google Dorking?NextTask 5 - Command Injection Practical

Last updated 2 years ago