https://github.com/gnebbia/owasp_intro
An introduction to OWASP methodologies
- Host: GitHub
- URL: https://github.com/gnebbia/owasp_intro
- Owner: gnebbia
- Created: 2019-07-05T06:05:04.000Z (almost 7 years ago)
- Default Branch: master
- Last Pushed: 2019-07-05T06:06:16.000Z (almost 7 years ago)
- Last Synced: 2025-06-10T03:06:11.414Z (12 months ago)
- Topics: owasp, webapplicationhacking, webapplications
- Size: 3.86 MB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
# OWASP
## Learning
Not that much, but still something:
* [OWASP Academy](https://owasp-academy.teachable.com/)
## Development
* [OWASP Security Coding Check List](https://www.owasp.org/index.php/OWASP_Secure_Coding_Practices_Checklist)
## Testing
* [OWASP Testing Guide](https://www.owasp.org/images/1/19/OTGv4.pdf)
* [OWASP Testing Check List](https://www.owasp.org/index.php/Testing_Checklist)
To give you an idea of what can be automated and what should be performed
manually, check out:
* [OWASP Check List Manual vs Auto](https://highbitsecurity.com/web-security-web-application-penetration-testing-methods.php)
* [OWASP Top Ten](https://www.owasp.org/index.php/Top_10-2017_Top_10)
For details about specific attacks and attack payloads, check out:
* [PayloadsAllTheThings](https://github.com/swisskyrepo/PayloadsAllTheThings)
* [SecLists](https://github.com/danielmiessler/SecLists)
## Sandboxes
You may try things on:
* `http://webscantest.com/`
* `http://zero.webappsecurity.com`
or, to avoid messing up the deployment environment, on OWASP downloadable
vulnerable web applications. Examples of these are:
* OWASP Juice Shop
* WebGoat
* bWAPP
## Tools
* Burp Suite / ZAP
* Dirbuster / gobuster / wfuzz
* Vega / w3af / arachni / wapiti
* nikto
* nmap
* openssl
* curl
* Google dorks