OWASP: Difference between revisions

From charlesreid1

No edit summary
 
(2 intermediate revisions by 2 users not shown)
Line 7: Line 7:
Their wiki is a good source of information: https://www.owasp.org/index.php/Category:OWASP_Guide_Project
Their wiki is a good source of information: https://www.owasp.org/index.php/Category:OWASP_Guide_Project


==Top 10 (old)==
==Top 10==


Top web vulnerabilities: 2013 (nothing more recent...)
https://owasp.org/Top10/


https://www.owasp.org/index.php/Top_10_2013
Top web vulnerabilities:


https://www.owasp.org/index.php/Top_10
2013: https://www.owasp.org/index.php/Top_10_2013


CSRF: https://www.owasp.org/index.php/Top_10_2013-A8-Cross-Site_Request_Forgery_%28CSRF%29
2017: https://owasp.org/www-project-top-ten/2017


2021: https://owasp.org/www-project-top-ten/
===2021 List===
* A01:2021 - Broken Access Control
* A02:2021 - Cryptographic failures
* A03:2021 - Injection
* A04:2021 - Insecure design
* A05:2021 - Security misconfiguration
* A06:2021 - Vulnerable and outdated components
* A07:2021 - Identification and authentication failures
* A08:2021 - Software and data integrity failures
* A09:2021 - Security logging and monitoring failures
* A10:2021 - Server-side request forgery (SSRF)
==Links==
http://wiki.securityweekly.com/wiki/index.php/Episode339


=Flags=
=Flags=


{{KaliFlag}}
{{KaliFlag}}

Latest revision as of 18:21, 20 May 2023

Owasp

What is it?

Wiki

Their wiki is a good source of information: https://www.owasp.org/index.php/Category:OWASP_Guide_Project

Top 10

https://owasp.org/Top10/

Top web vulnerabilities:

2013: https://www.owasp.org/index.php/Top_10_2013

2017: https://owasp.org/www-project-top-ten/2017

2021: https://owasp.org/www-project-top-ten/

2021 List

  • A01:2021 - Broken Access Control
  • A02:2021 - Cryptographic failures
  • A03:2021 - Injection
  • A04:2021 - Insecure design
  • A05:2021 - Security misconfiguration
  • A06:2021 - Vulnerable and outdated components
  • A07:2021 - Identification and authentication failures
  • A08:2021 - Software and data integrity failures
  • A09:2021 - Security logging and monitoring failures
  • A10:2021 - Server-side request forgery (SSRF)

Links

http://wiki.securityweekly.com/wiki/index.php/Episode339

Flags


Defcon.png
Kali Linux
"The quieter you become, the more you are able to hear."

Penetration testing Linux distribution.


Kali  · Category:Kali

Kali/Wireless Reboot


Kali Software:

Kali Tools

Kali Top 10

Aircrack  · Wireshark  · John the Ripper  · Nmap  · Metasploit Framework

Dsniff  · Tcpdump  · Hydra  · Sqlmap  · Burpsuite  · Commix

Dirbuster  · Valgrind


Attack Workflow:

Kali/Workflow

1 Physical Attacks: Kali/Layer 1 Attacks

2 Data/MAC Attacks: Kali/Layer 2 Attacks

3 Network Attacks: Kali/Layer 3 Attacks

4 Transport Attacks: Kali/Layer 4 Attacks

5 Session Attacks: Kali/Layer 5 Attacks

6 Presentation Attacks: Kali/Layer 6 Attacks

7 Application Attacks: Kali/Layer 7 Attacks


Red Team Blue Team

Metasploitable - Red Team

Metasploitable - Blue Team


Networking:

Kali/Hotspot  · Kali/OpenVPN  · Kali/OpenVPN/Hotspot  · Kali/OpenVPN/PIA

Kali/IPv6


Booting:

Kali/Dual Boot OS X  · Kali/Live USB  · Kali/Persistent USB


Installing:

Kali/Installing  · Kali/Post Install  · Kali/Fixes


Kali on Raspberry Pi:

Kali Raspberry Pi  · Kali Raspberry Pi/Installing  · Kali Raspberry Pi/Headless  · Kali Raspberry Pi/Post-Install


Category:Security  · Category:Wireless  · Category:Passwords  · Category:Man in the Middle  · Category:Evil Twin

Flags  · Template:KaliFlag  · e




Retrieved from "https://charlesreid1.com/w/index.php?title=OWASP&oldid=29579"