Standard pseudo-random number generators
Standard pseudo-random number generators cannot withstand cryptographic attacks. Insecure randomness errors occur when a function that can produce predictable values is used as a source of ...
Improperly scrubbing sensitive data from memory can compromise security. Compiler optimization errors occur when: Secret data is stored in memory. The secret data is scrubbed from memory ...
Injection problems span a wide range of instantiations. The basic form of this flaw involves the injection of control-plane data into the data-plane in order to alter the control flow of the process. ...
Multiple validation forms with the same name indicate that validation logic is not up-to-date. If two validation forms have the same name, the Struts Validator arbitrarily chooses one of the forms ...
Like most major vulnerabilities, this major vulnerability is well branded. It gets its name from the heartbeat function between client and server. According to Dan Kaminsky, When you are ...
Expression Language (EL) Injection happens when attacker-controlled data enters an EL interpreter. With EL implementations prior to 2.2, an attacker can recover sensitive server-side information ...
Double free errors occur when free() is called more than once with the same memory address as an argument. Calling free() twice on the same value can lead to a memory leak. When a program ...
Data which is untrusted cannot be trusted to be well formed. Malformed data or unexpected data could be used to abuse application logic, deny service, or execute arbitrary code, when deserialized. ...
The term CRLF refers to Carriage Return (ASCII 13, \r) Line Feed (ASCII 10, \n). They're used to mark the termination of a line; however, they are dealt with differently in today's popular Operating Systems. ...
Weaknesses in this category identify some of the underlying problems that commonly allow attackers to manipulate the business logic of an application. Errors in business logic can be devastating to ...
A buffer overflow condition exists when a program attempts to put more data in a buffer than it can hold or when a program attempts to put data in a memory area past a buffer. In this case, a buffer ...
Christopher Frenz is the AVP of Information Security for Interfaith Medical Center where he worked to develop the hospital's information security program and infrastructure. Under his leadership the ...
OWASP BLT is a bug-hunting & logging tool which allows users and companies to hunt for bugs, claim bug bounties and also to start bug-hunting sprees/contests respectively. It is preferred if the ...
OWASP Juice Shop is probably the most modern and sophisticated insecure web application! It can be used in security trainings, awareness demos, CTFs and as a guinea pig for security tools! Juice Shop ...
OWASP Honeypot is open source software written in Python, designed for creating honeypots and honeynets in an easy and secure way! This project is compatible with Python 2.x and 3.x and tested ...
The Google Summer of Code program (“GSoC”) is designed to encourage student participation in open source development. Through GSoC, accepted student applicants will be paired with OWASP mentors that ...
We want to extend the functionality of SKF Bot (Security Knowledge Framework Chatbot). Some improvements or suggestions that we can make to improve the functionality are: Create a desktop ...
This is a brand new technique developed by one of the Burp guys: http://blog.portswigger.net/2016/11/backslash-powered-scanning-hunting.html Their implementation is open ...
OWASP Juice Shop is an intentionally insecure webapp for security trainings written entirely in JavaScript which encompasses the entire OWASP Top Ten and other severe security flaws. Juice Shop is written in ...
Open source software is changing the world and creating the future. Want to help shape it? We're looking for students to join us in making 2017 the best Summer of Code yet! STUDENTS: THE PROPOSAL ...