What makes the OWASP top 10 so important?
Due to the importance of Application Security in reducing overall IT risk, the OWASP Top 10 has been adopted or referenced by a large number of government agencies, industry standards bodies, and prominent companies such as Microsoft, PCI Security Standards Council, Citibank, NIST, and others. These organizations continue to hone and enhance the OWASP Top Ten so it reflects the reality of today’s threatscape.
What is the goal?
The overall goal in writing this, as well as the documentation that follows, is to build a good, simple understanding of, and documentation for, testing and identifying the vulnerabilities presented on this list.
How I will be testing.
Almost all of these vulnerabilities have a free lab, as well as a further explanation, over at the PortSwigger Web Academy, which you can go to here.
While reviewing the vulnerabilities and writing them down, I took a step back and looked at SQLi, XXE, and XSS. What makes them confusing to me, or hard to understand in terms of how and why they work and what to test, is that I don’t understand the code and how the language works. So I highly recommend that, if you aren’t familiar with the following code, you click on the language and complete the tutorial.