secDevLabs
A laboratory for learning secure web and mobile development in a practical manner.
## This solution refers to which of the apps? [A1] Broken Access Control - Vulnerable Ecommerce API ## What did you do to mitigate the vulnerability? A JWT implementation was...
## This solution refers to which of the apps? [A1] - Broken Access Control - Camplake-API ## What did you do to mitigate the vulnerability? Adding signature validation to incoming...
- [x] Add docker-compose down command in Makefile #562
- [x] Verify another way to prune containers from docker-compose to avoid excluding no related local containers. #563
- [ ]...
## This solution refers to which of the apps? A7 - Identity and Authentication Failures ## What did you do to mitigate the vulnerability? Using JWT for security authenticate ##...
## This solution refers to which of the apps? A3 - Mongection ## What did you do to mitigate the vulnerability? I sanitized the user entries for the database with...
## This solution refers to which of the apps? [A7 - Identity and Authentication Failures - Python - Saidajaula Monster Fit](https://github.com/globocom/secDevLabs/tree/master/owasp-top10-2021-apps/a7/saidajaula-monster) ## What did you do to mitigate the vulnerability?...
## This solution refers to which of the apps? [A9 - Security Logging and Monitoring Failures - Python - GamesIrados.com](https://github.com/globocom/secDevLabs/tree/master/owasp-top10-2021-apps/a9/games-irados) ## What did you do to mitigate the vulnerability? Implemented...
# New Vulnerable Application Created a new vulnerable application for the secDevLabs. The vulnerability in the application is based on the OWASP Top 10 2021 - A2 Cryptographic Failures. Examples...
## Motivation [Copy-and-Paste](https://github.com/globocom/secDevLabs/tree/master/owasp-top10-2017-apps/a1/copy-n-paste)'s attack narrative makes use only of SQLMap to show how an automated SQL injection could be performed. ## It would be great if We could also have...
## Motivation The way [Vulnerable WordPress Misconfig](https://github.com/globocom/secDevLabs/tree/master/owasp-top10-2017-apps/a6/misconfig-wordpress) is today, we are using the default template, which doesn't look so cool: ## It would be great if This app had a...