Laboratorio de máquinas para desarrollo seguro.

¿Cómo empezar?

Cada aplicacion tiene un Makefile que hay que ejecutar. Sólo hay que asegurarse de disponer de docker y docker-compose.

OWASP Top 10 2017:

Vulnerability	Language	Application
A1 - Injection	Golang	CopyNPaste API
A1 - Injection	NodeJS	Mongection
A1 - Injection	Python	SSType
A2 - Broken Authentication	Python	Saidajaula Monster Fit
A2 - Broken Authentication	Golang	Insecure go project
A3 - Sensitive Data Exposure	Golang	SnakePro
A4 - XML External Entities (XXE)	PHP	ViniJr Blog
A5 - Broken Access Control	Golang	Vulnerable Ecommerce API
A5 - Broken Access Control	NodeJS	Tic-Tac-Toe
A6 - Security Misconfiguration	PHP	Vulnerable Wordpress Misconfig
A6 - Security Misconfiguration	NodeJS	Stegonography
A7 - Cross-Site Scripting (XSS)	Python	Gossip World
A7 - Cross-Site Scripting (XSS)	React	Comment Killer
A7 - Cross-Site Scripting (XSS)	Angular/Spring	Streaming
A8 - Insecure Deserialization	Python	Amarelo Designs
A8 - Insecure Deserialization	PHP	Admin Login
A9 - Using Components With Known Vulnerabilities	PHP	Cimentech
A9 - Using Components With Known Vulnerabilities	PHP	Admin PHP
A10 - Insufficient Logging & Monitoring	Python	GamesIrados.com
A10 - Insufficient Logging & Monitoring	PHP	My Blog

Referencias

Basado en b3d3cLabs. Wordlist obtenidas de https://github.com/danielmiessler/SecLists.