#owasp-top-10

Mar 26 · 20 min read · 1 Introduction In this post, the JavaScript Attacks vulnerability in the Damn Vulnerable Web Application (DVWA) is described. The objective for attacks on all levels is to analyse and manipulate the J

Join discussion

WBWiktoria Blomgren Strandbergpentesting-dvwa.hashnode.dev

0

API Security in DVWA

Mar 21 · 24 min read · 1 Introduction In this post, the API Security vulnerability in the Damn Vulnerable Web Application (DVWA) is described. The objective for attacks across all security levels is to exploit weaknesses in

Join discussion

MNMilan Nikicsecuritydepth.hashnode.dev

0

Authentication Vulnerabilities: Strategic Defense and Organizational Controls (Part 4)

Mar 16 · 18 min read · In the previous parts of this series, we discussed the authentication vulnerability from the developer’s point of view. We discussed password requirements based on NIST guidelines, rate limiting using

Join discussion

WBWiktoria Blomgren Strandbergpentesting-dvwa.hashnode.dev

0

CSP Bypass in DVWA

Mar 14 · 13 min read · 1 Introduction In this post, the Content Security Policy (CSP) Bypass vulnerability in the Damn Vulnerable Web Application (DVWA) is described. The objective for attacks on all levels is to bypass the

Join discussion

EEEmma Engströmpentesting-dvwa.hashnode.dev

0

File Upload in DVWA

Mar 12 · 15 min read · Introduction This post demonstrates how a file upload vulnerability in the Damn Vulnerable Web Application (DVWA) can be exploited to achieve remote code execution. The objective of the attack is to u

Join discussion

MNMilan Nikicsecuritydepth.hashnode.dev

0

Authentication Vulnerabilities in Java: Session Management & Advanced Security (Part 3)

Mar 10 · 22 min read · In Part 1, we discussed the requirements of passwords according to NIST recommendations, various methods of rate limiting using sliding window and exponential backoff, and ways to avoid enumeration of

Join discussion

WBWiktoria Blomgren Strandbergpentesting-dvwa.hashnode.dev

0

Authorisation Bypass in DVWA

Mar 8 · 12 min read · 1 Introduction In this post, the Authorisation Bypass vulnerability in the Damn Vulnerable Web Application (DVWA) is described. The objective for attacks on all levels is to identify any areas where a

Join discussion

EEEmma Engströmpentesting-dvwa.hashnode.dev

0

Brute Force in DVWA

Mar 8 · 16 min read · Introduction This post explores the brute-force vulnerability in the Damn Vulnerable Web Application (DVWA). The objective of the attack is to gain unauthorised access to the application by discoverin

Join discussion

WBWiktoria Blomgren Strandbergpentesting-dvwa.hashnode.dev

0

SQL Injection in DVWA

Mar 6 · 17 min read · 1 Introduction In this post, the SQL Injection vulnerability in the Damn Vulnerable Web Application (DVWA) is described. The objective for attacks on all levels is to extract user login credentials.

Join discussion

MNMilan Nikicsecuritydepth.hashnode.dev

0

Authentication Vulnerabilities in Java: Credential Transmission & Password Reset (Part 2)

Mar 3 · 19 min read · In Part 1, we have already discussed the password policies based on the guidelines provided by the NIST, rate limiting for preventing brute-force attacks, and preventing username enumeration through c

Join discussion

Tag feed

Tag feed

#owasp-top-10

Trending tags this week