Introduction
Welcome to the most interesting part of the tutorial. Get ready for:
- getting familiar with all OWASP Top 10 vulnerabilities
- learning how to exploit them in the HackHealth app
- learning how to fix and prevent them
Individual lessons are not dependent on each other, but it is strongly recommended to take them in order, so that you have the opportunity to practice all of them.
In the tutorial, you will be introduced to techniques for hacking a web application. Please note that this tutorial is for educational purposes only and all actions are performed in an isolated environment and in a purposefully insecure application that is designed for this purpose.
Performing these actions on real-world applications without the consent of the owner is illegal and can result in criminal and civil liability.
Please be aware of your actions.
OWASP Top 10
Lectures are based on the OWASP Top 10:2021. It is the most up-to-date publication of the OWASP Top 10, which is a well-known list of the most critical web application security risks. It is published approximately every 3-4 years by the OWASP (Open Web Application Security Project).
It is a great resource for developers, security professionals, and anyone involved in web application development.
OWASP is not only about the Top 10 list. It is a community of people who are passionate about web application security. They are constantly working on new projects and tools.
CWE
At the very beginning of each lecture, you will find the number of the CWE (Common Weakness Enumeration) entry that is related to the vulnerability. Each vulnerability listed in the OWASP Top 10 has a list of CWEs that are related to it. CWE is the most comprehensive list of software weaknesses, containing more than 1,000 entries.