What is Ruby?
XSS
What is 'Cross Site Scripting'?
Ranked #1 in 2017, this occurs when "untrusted data is sent to an interpreter as part of a command or query"
What is Injection?
"Concatenate files and print on the standard output"
What is 'cat'?
It is a set of generic attack detection rules for use with web application firewalls. It aims to protect web applications from a wide range of attacks, including the OWASP Top 10, with a minimum of false alerts.
What is 'OWASP ModSecurity Core Rule Set (CRS)'?
What is C?
CSRF
A staple in the Top 10 for years, this occurs when an "application includes untrusted data in a new web page without proper validation or escaping"
What is Cross Site Scripting?
"Send ICMP ECHO_REQUEST to network hosts"
What is 'ping'?
The project offers a comprehensive guide and reference implementation with prescriptive guidance on building intrusion detection and automated response into applications
What is 'OWASP AppSensor Project'?
What is Scala?
What is 'Denial of Service'?
This attack, which finally fell out of the top 10 in 2017, "forces a logged-on victim's browser to send a forged HTTP request" the application thinks is legitimate
What is Cross Site Request Forgery?
"Print network connections, routing tables, interface statistics, masquerade connections, and multicast memberships"
What is 'netstat'?
An open source vulnerability management tool written in Python that streamlines the testing process by offering templating, report generation, metrics, and baseline self-service tools.
What is 'OWASP DefectDojo Project'?
What is Objective-C?
RCE
What is 'Remote Code Execution'?
A new addition in 2017, this vulnerability deals with the way objects in certain languages (e.g. Java) are stored and transmitted over a network.
What is Insecure Deserialization?
What is curl?
A document written by developers for developers, providing a list of security techniques that should be included in every software development project, ordered by importance.
What is 'OWASP Proactive Controls'?
What is Erlang?
XXE
What is 'XML eXternal Entity'?
Another new addition in 2017, this attack is demonstrated here:
<!DOCTYPE foo [
<!ENTITY pwn SYSTEM "file:///etc/passwd"> ]>
<foo>&pwn;</foo>
What is XML External Entities?
"Pattern scanning and process language"
What is 'awk'?
An intentionally insecure webapp for security trainings, written entirely in Node.js, Express, and AngularJS - which encompasses the entire OWASP Top Ten and other severe security flaws.
What is 'OWASP Juice Shop Project'?