OWASP Top 10 web-based vulnerabilities
by MrBr - November 17, 2019 at 05:32 AM
#1
The OWASP Foundation puts all web-based vulnerabilities into 10 categories (the OWASP Top 10):
  1.  Injection: aka "Put data somewhere so that it does something it shouldn't". Examples: SQL Injection, RCE (remote code execution), etc.
  2.  Broken Authentication: aka "Login hacks". Hacking is not just code-related. Business logic is part of it.
  3.  Sensitive Data Exposure: See something you're not supposed to see.
  4.  XML External Entities (XXE): Uses XML-related code to cause events in the target
  5.  Broken Access Control: Similar to #2, except this one is more on privileges: low-level user becomes high level.
  6.  Security Misconfiguration: Default accounts, unenforced SSL, no firewall; basically stuff that a careless dev would do
  7.  Cross-site scripting: Typically found in webapps; it's when you run scripts on something that shouldn't.
  8.  Insecure Deserialization: It's when nothing stops you from doing something. Example: changing your user login is as simple as changing URLs.
  9.  Using components with known vulnerabilities: Duh. Devs still forget to patch.
  10.  Insufficient Logging: More a bug than anything else: Might cause stuff like volumetric DDoS.
These are the types of web-based vulnerabilities, so if you wish to be a web-pentester, you have to learn these, or at least some of them.
Good luck.
#2
Yeah, learning these in depth is a good way to get started with penetration testing web apps. Especially looking at Injection vulnerabilities.
#3
(November 17, 2019 at 05:38 AM) Zeroxx Wrote: Yeah, learning these in depth is a good way to get started with penetration testing web apps. Especially looking at Injection vulnerabilities.

Injection vulnerabilities are the most effective of those, and some of them are very easy to find in small targets, and exist in some way in big websites. Thanks for visiting ^_^.
#4
guide everyone should know, thanks
#5
(November 17, 2019 at 09:38 AM) aidenbastow Wrote: guide everyone should know, thanks

You're welcome ^_^, thanks for replying.