BWAPP:一款非常好用的漏洞演示平台
来源:互联网 发布:大数据处理算法 编辑:程序博客网 时间:2024/05/21 12:07
参考:
http://www.freebuf.com/sectool/76885.html
https://www.vulnhub.com/entry/bwapp-bee-box-v16,53/
What makes bWAPP so unique? Well, it has over 100 web bugs! bWAPP covers all major known web vulnerabilities, including all risks from the OWASP Top 10 project.
[The OWASP Top 10 provides an accurate snapshot of the current threat landscape in application security and reflects the collaborative efforts and insights of thousands of accomplished security engineers. To reflect the ongoing changes in technology and common online business practices, the list is periodically updated.]
Some of the vulnerabilities included in bWAPP:
- SQL, HTML, iFrame, SSI, OS Command, XML, XPath, LDAP and SMTP injections- Blind SQL and Blind OS Command injection- Bash Shellshock (CGI) and Heartbleed vulnerability (OpenSSL)- Cross-Site Scripting (XSS) and Cross-Site Tracing (XST)- Cross-Site Request Forgery (CSRF)- AJAX and Web Services vulnerabilities (JSON/XML/SOAP/WSDL)- Malicious, unrestricted file uploads and backdoor files- Authentication, authorization and session management issues- Arbitrary file access and directory traversals- Local and remote file inclusions (LFI/RFI)- Configuration issues: Man-in-the-Middle, cross-domain policy files, information disclosures,...- HTTP parameter pollution and HTTP response splitting- Denial-of-Service (DoS) attacks: Slow HTTP and XML Entity Expansion- Insecure distcc, FTP, NTP, Samba, SNMP, VNC, WebDAV configurations- HTML5 ClickJacking, Cross-Origin Resource Sharing (CORS) and web storage issues- Unvalidated redirects and forwards, and cookie poisoning- Cookie poisoning and insecure cryptographic storage- Server Side Request Forgery (SSRF)- XML External Entity attacks (XXE)- And much much much more…
参考:
http://itsecgames.blogspot.com/
阅读全文
0 0
- BWAPP:一款非常好用的漏洞演示平台
- 推荐一款非常好用的效率APP
- 一款非常好用的Linux下的C/C++ IDE
- 推荐一款非常好用的鼠标手势软件StrokeIt
- APC--一款非常好用的opcode缓存加速器
- 推荐一款非常好用的java反编译工具
- 推荐一款非常好用的java反编译工具
- 推荐一款非常好用的远程控制工具--Team Viewer
- 推荐一款非常好用的java反编译工具
- 分享一款非常好用流畅的gif录制软件
- 一款非常好用的日期插件(强烈推荐)
- 一款非常好用的全景生成,全景标记编辑插件!
- 一款适合演示的软件
- ranger:linuxer&vimer的福音,一款非常好用的命令行文件管理器
- 为大家推荐一款非常好用的java写的垂直爬虫webmagic,力挺
- 给大家推荐一款开源的C/C++开发环境,非常好用!!
- 一款非常好用的系统恢复工具linux、windows下都可用
- 介绍一款非常好用的网站编辑器(上传图片功能比较强大)
- 51Nod-1288-汽油补给
- Android测试之Robotium自动化测试框架
- Android 框架学习2:源码分析 EventBus 3.0 如何实现事件总线
- ssh免密登录和远程文件复制
- 磁盘配额
- BWAPP:一款非常好用的漏洞演示平台
- ant使用实例
- android Google推出的31套在线课程 [记录]
- OKRx+OkGo(okhttp-util升级版)网络请求框架使用
- Java---SpringMVC注解
- 关于Git的入门操作(安装、提交代码至仓库)
- phpmyadmin登陆后出现 Array to string问题
- 参考coupon开发cardcoupon-2
- Hashtable的实现原理