Testing the Top 10 Web Application Vulnerabilities.md

Testing the Top 10 Web Application Vulnerabilities

PNPT Walkthroughs

1. SQL Injection Attacks
2. Broken Authentication
3. Sensitive Data Exposure
4. XML External Entities (XXE)

OWASP Stuffs

• https://github.com/OWASP/wstg - The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services
• https://github.com/tanprathan/OWASP-Testing-Checklist
• https://owasp.org/www-project-web-security-testing-guide/stable/

Installing OWASP Juice Shop

Alternatives to Localing Hosting Juice Shop

For whatever reason you might might to run this in a different way. Using docker was relatively easy for me on a new Kali Linux instance.

• TryHackMe - THM-OWASP Juice Shop
• GitPod - https://gitpod.io/#https://github.com/juice-shop/juice-shop/
• #OWASP Juice Shop via Docker - ok this was easy even on ARM64

OWASP Juice Shop via Docker

OWASP Juice Shop Repo: https://github.com/bkimminich/juice-shop The Guide: https://pwning.owasp-juice.shop/

Deploying in Kali:

Install Foxy Proxy

• Add a profile for Burp Suite with 127.0.0.1 IP

https://addons.mozilla.org/en-US/firefox/addon/foxyproxy-standard/

Exploring Burp Suite

Go back and add more notes...

---