Top 10
Cheat Sheets
Tutorials
Guides
HackBar
XSS Me
SQL Inject Me
Chrome extensions
FoxyProxy
Cookies
Least privilege
Break it!
Further details found here:
https://www.owasp.org/index.php/Top_10_2013-A1-Injection
What is XSS
1. Attacker injects (generally malicious) code into a website.
2. When a victim requests the website's code, the attacker's code is executed.
Varieties
File Upload
Reflected (non-persistent)
Stored
Sanitise
Break it!
Further details found here:
https://www.owasp.org/index.php/Top_10_2013-A3-Cross-Site_Scripting_(XSS)
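As an added example (not from the original slides), a small JavaScript renderer showing the reflected and stored varieties above, with the vulnerable output beside the output-encoded form that the "Sanitise" point refers to; the renderer functions and sample inputs are assumed for the demo, not taken from the deck.

```javascript
// Added example, not from the original slides: reflected and stored XSS in a
// tiny page renderer, with the vulnerable form beside the encoded form.
// The renderer functions and sample inputs are constructed for this demo.

// Encode the characters that can break out of HTML text or a double-quoted
// attribute value. Output encoding at render time is the defence the slide
// calls "Sanitise": the browser then shows the injected markup as text.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Reflected (non-persistent): the search term from the request is echoed
// straight back in the response, so the injected code runs only for the
// victim who requested that URL.
function renderSearchUnsafe(query) {
  return `<p>Results for: ${query}</p>`;
}
function renderSearchSafe(query) {
  return `<p>Results for: ${escapeHtml(query)}</p>`;
}

// Stored: a comment saved earlier is rendered to every later visitor, so one
// injected comment is executed by every victim who loads the page.
function renderCommentsUnsafe(comments) {
  return '<ul>' + comments.map((c) => `<li>${c.author}: ${c.body}</li>`).join('') + '</ul>';
}
function renderCommentsSafe(comments) {
  return '<ul>' + comments
    .map((c) => `<li>${escapeHtml(c.author)}: ${escapeHtml(c.body)}</li>`)
    .join('') + '</ul>';
}

// Detection-style check used to compare the two renderers: does the rendered
// page still contain a script tag that came from user input?
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Constructed sample input: the classic harmless test string.
const sampleQuery = '<script>alert(1)</script>';
const sampleComments = [
  { author: 'alice', body: 'Nice post' },
  { author: 'mallory', body: sampleQuery },
];

console.log(renderSearchUnsafe(sampleQuery), containsScriptTag(renderSearchUnsafe(sampleQuery)));
console.log(renderSearchSafe(sampleQuery), containsScriptTag(renderSearchSafe(sampleQuery)));
console.log(containsScriptTag(renderCommentsUnsafe(sampleComments)), containsScriptTag(renderCommentsSafe(sampleComments)));
```

The unsafe renderers are the "before" picture only; in a real application the encoded form is the one to ship, applied at every point where user-controlled data is written into the page.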
Extra Resources
Sanitising User Input
http://blog.binarymist.net/2012/11/0[?]/sanitising-user-input-from-browser-part-1/
http://blog.binarymist.net/2012/11/1[?]/sanitising-user-input-from-browser-part-2/
Write-up on Kali Linux
http://pentestmag.com/
Tool junky? Check out this collection
http://www.softwareqatest.com/qatweb1.html
Deliberate Insecure Targets and Training
Platforms that I've screened.
Nebula: http://exploit-exercises.com/
Acunetix 3: http://testaspnet.vulnweb.com/
Mutillidae:
http://www.irongeek.com/i.php?page=mutillidae/mutillidae-deliberately-vulnerable-php-owasp-top-10
Easy to follow. Geared towards a classroom environment.
WebGoat
-Platform: J2EE web application
-Install: Self-contained Tomcat server you can run from a directory under Windows or Linux
-Notes: Love the fact it's so self-contained and easy to run. By default it only listens on the loop-back address, so you can run it from your workstation on a production network with little worry.
-Howto's: http://webappsecmovies.sourceforge.net/webgoat/
-Setting up on non-localhost: https://code.google.com/p/webgoat/wiki/FAQ
OWASP Broken Web Applications project:
-https://code.google.com/p/owaspbwa/wiki/UserGuide
This has a great selection of training apps along with intentionally vulnerable apps.
-It contains a lot of the apps already discussed.