This document explores the 10 vulnerability classes discussed in OWASP Top 10 - 2017.

Vulnerabilities

A1:2017 - Injections

Definition / Description

TODO: Use the OWASP document to explain

• The source, severity, and scope of injection attacks
• What kind of activity it can be used for (data exfiltration, backdooring, etc.)

How it Works

TODO: Explain how attackers build and deliver injection payloads.

• Hint: They might start with identifying services they can connect to, then finding which languages they can inject...

Scenario

TODO: Explain the UNION injection in the following URL: http://ptl-f99df351-3bdd4c8f.libcurl.so/cat.php?id=1%20UNION%20SELECT%201,concat(login,%27:%27,password),3,4%20FROM%20users

Specifically, explain

• What the intended SQL query looks like
• What the SQL query looks like after injection
• What this query means (explain the queries to the left and right of the UNION keyword)
• Two strategies for patching this vulnerability

TODO: Find an example of a command injection payload. Explain how it gets delivered, and what it does. Compare/contrast this to a SQL injection.

A2:2017 - Broken Authentication

Definition / Description

TODO: Use the OWASP document to explain

• The source, severity, and scope of broken authentication vulnerabilities
• What kind of damage can be done (e.g., data stealing, account tampering, etc.)

How it Works

TODO: Do the Scenario exercise below, then explain why the Brute Force exercise in DVWA qualifies as a Broken Authentication vulnerability.

Scenario

TODO: Use Burp Intruder to solve the Brute Force exercise on DVWA. You'll need to:

• Intercept a request to the login form
• Set positions aroudn the username and password
• Provide a list of usernames and passwords to test
• Use Intruder to brute-force the login form
• Hint: Intruder Attack Types
• Hint: Grep - match

As you complete the exercise, write down the steps of your attack, and document the following below:

• The raw request you captured in Proxy
• The request you set positions around in Intruder
• The raw response that contained the correct user credentials

Raw Request

# Raw HTTP Request Here

Intruder Request

# HTTP Request w/ Intruder Positions Here

Valid Response(s)

# HTTP Response w/ Valid Credentials Here

Mitigation

TODO: Explain two strategies for preventing this kind of attack.

A6:2017 - Security Misconfiguration

Definition / Description

TODO: Use the OWASP document to explain:

• The source, severity, and scope of security misconfigurations
• What kind of damage it can do to a business

How it Works

TODO: Explain the following:

• How allow_url_include and allow_url_fopen are responsible for the RFI vulnerability on DVWA
• The conditions under which RFI is possible. Refer to this document
• • Why the RFI on DVWA qualifies as a Security Misconfiguration vulnerability

Scenario

TODO: Figure out how to turn off allow_url_fopen and allow_url_include. Include the code you'd add to php.ini below.

// TODO: Disables allow_url_fopen

// TODO: Disables allow_url_include

A7:2017 - Cross-Site Scripting (XSS)

Definition / Description

TODO: Use the OWASP document to explain

• The source, scope, and severity of XSS vulnerabilities
• The three different classes of XSS vulnerabilities
• What kinds of attacks can be carried out with XSS

How it Works

TODO: Explain how a reflected XSS payload gets echoed from an HTTP request to an HTML document.

Scenario

TODO: Explain how the reflected XSS on DVWA works. Exploit it with Burp Repeater, and include the HTTP request containing your payload below.

# HTTP Request w/ Reflected XSS Payload Here

Answer rating: 100% (QA)

A12017 Injections Definition Description Injection vulnerabilities occur when an application sends untrusted data to an interpreter Injections can be used to attack any kind of interpreter such as SQL ... View the full answer