BWAPP:一款非常好用的漏洞演示平台

参考:
http://www.freebuf.com/sectool/76885.html
https://www.vulnhub.com/entry/bwapp-bee-box-v16,53/

What makes bWAPP so unique? Well, it has over 100 web bugs! bWAPP covers all major known web vulnerabilities, including all risks from the OWASP Top 10 project.

[The OWASP Top 10 provides an accurate snapshot of the current threat landscape in application security and reflects the collaborative efforts and insights of thousands of accomplished security engineers. To reflect the ongoing changes in technology and common online business practices, the list is periodically updated.]

Some of the vulnerabilities included in bWAPP:

- SQL, HTML, iFrame, SSI, OS Command, XML, XPath, LDAP and SMTP injections
- Blind SQL and Blind OS Command injection
- Bash Shellshock (CGI) and Heartbleed vulnerability (OpenSSL)
- Cross-Site Scripting (XSS) and Cross-Site Tracing (XST)
- Cross-Site Request Forgery (CSRF)
- AJAX and Web Services vulnerabilities (JSON/XML/SOAP/WSDL)
- Malicious, unrestricted file uploads and backdoor files
- Authentication, authorization and session management issues
- Arbitrary file access and directory traversals
- Local and remote file inclusions (LFI/RFI)
- Configuration issues: Man-in-the-Middle, cross-domain policy files, information disclosures,...
- HTTP parameter pollution and HTTP response splitting
- Denial-of-Service (DoS) attacks: Slow HTTP and XML Entity Expansion
- Insecure distcc, FTP, NTP, Samba, SNMP, VNC, WebDAV configurations
- HTML5 ClickJacking, Cross-Origin Resource Sharing (CORS) and web storage issues
- Unvalidated redirects and forwards, and cookie poisoning
- Cookie poisoning and insecure cryptographic storage
- Server Side Request Forgery (SSRF)
- XML External Entity attacks (XXE)
- And much much much more…

参考:
http://itsecgames.blogspot.com/

  • 1
    点赞
  • 3
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值