VulnerableApp
OWASP VulnerableApp Project: For Security Enthusiasts by Security Enthusiasts.
**Is your feature request related to a problem? Please describe.** We have many levels under JWT Vulnerability https://github.com/SasanLabs/VulnerableApp/blob/master/src/main/java/org/sasanlabs/service/vulnerability/jwt/JWTVulnerability.java but there are few attack vectors which are missing like Header Param...
Maps to issue: https://github.com/SasanLabs/VulnerableApp/issues/420 Borrowing/following from the excellent practice of https://github.com/SasanLabs/VulnerableApp/issues/425 ! This translation would involve cross-referencing American and Korean programming resources, such as [MDN Web Docs](https://developer.mozilla.org/en-US/), for accuracy. Anything...
Name: Prevento
Key Changes Explained:
- Enhanced security checks: Added checks to prevent Path Traversal attacks by verifying that the file name does not contain ".." and is within the list of...
Added handling for header parameter injection in `JWTVulnerability.java`, addressing the missing attack vector noted in issue #413. Follows https://portswigger.net/web-security/jwt guidelines. Ref: #413
Fixes one of the issues highlighted: https://github.com/SasanLabs/VulnerableApp/issues/448
```
The line of code is the beginning of a try-catch block: SQL Injection : src/main/java/org/sasanlabs/service/vulnerability/sqlInjection/ErrorBasedSQLInjectionVulnerability.java : 218
```
This PR adds unit tests for the Blind SQL Injection Vulnerability for levels 1, 2, and 3 in the `BlindSQLInjectionVulnerability` class. The tests mock the `JdbcTemplate` and `ResultSet` to simulate...
Test