WebGoat.NET

Add exercises for OWASP Top 10 vulnerabilities

Open tobyash86 opened this issue 4 years ago • 5 comments

For now, exercises were provided in the form of PDF documents. For sure we need to update them, but we need to consider if we want to stay with PDF documents or change the format.

tobyash86 avatar Jun 15 '20 19:06 tobyash86

I would like to give some of these exercises a go, could the PDF be made public? I can help with updating the documentation as well.

colbyprior avatar Nov 21 '21 22:11 colbyprior

Great work. Any chance you can also share the exercise PDF doc?

yuanshaocn avatar Dec 05 '22 17:12 yuanshaocn

We are currently looking for more contributors to create content for the About page (#8) for OWASP Top 10 and people who will develop exercises. Before we do that, I will need to create vulnerabilities in the code, because currently, I am not aware of any. Probably there are some, but I need to review the code to find them.

After that, I will prepare instructions on how to exploit them, and based on that, exercises should be created.

tobyash86 avatar Dec 05 '22 19:12 tobyash86

I see. No wonder it was rather difficult to find vulnerabilities. Here is one for XSS vulnerability by giving a blog response like: .

yuanshaocn avatar Dec 05 '22 20:12 yuanshaocn

> Here is one for XSS vulnerability by giving a blog response like: .

Yeah, but because it is a .NET project, I (and probably guys from OWASP too) would prefer to have vulnerabilities related to .NET, not JavaScript.

tobyash86 avatar Dec 07 '22 14:12 tobyash86