This project is dedicated to conducting security testing and fixing vulnerabilities related to the OWASP Top 10 vulnerabilities.
The primary objective of this project is to provide a hands-on environment for testing and understanding common security vulnerabilities outlined in the OWASP Top 10 list. By identifying, exploiting, and fixing these vulnerabilities, participants can gain practical experience in secure application development and enhance their understanding of cybersecurity concepts.
- Vulnerability Testing: The project includes test cases and scenarios for assessing vulnerabilities related to the OWASP Top 10 list, including SQL injection, broken access control, cross-site scripting (XSS), and more.
- Fixing Vulnerabilities: Participants are encouraged to analyze and fix identified vulnerabilities using best practices and secure coding techniques. Sample code snippets and guidelines may be provided to assist with the remediation process.
- Educational Resources: Supplementary educational materials, tutorials, and resources may be provided to support participants in understanding the underlying principles of each vulnerability and how to effectively mitigate them.
To get started with the security lab project, follow these steps:
- Clone the project repository from GitHub.
- Customize the docker-compose.yml file, particularly the following line:

  `/home/nasri/www/sql-injection:/var/www/html`

  Replace `/home/nasri/www/sql-injection` with the directory path where you have stored the source code on your local machine.
- Run the project and proceed with the labs (refer to the Lab section for details).
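To show where that line sits, here is a minimal compose service added as an illustration; it is not the project's own docker-compose.yml. Only the volume mapping comes from the README; the service name, image and host port are assumptions, and the project's real service definitions may differ.

```yaml
# Illustrative docker-compose.yml fragment (assumed service name, image and port;
# only the volume mapping below is taken from the project README).
services:
  web:
    image: php:8-apache        # assumed: any web image that serves /var/www/html
    ports:
      - "8080:80"              # assumed host port; the lab is then reachable on http://localhost:8080
    volumes:
      # Left side: host path to your local checkout. Replace /home/nasri/www/sql-injection
      # with the directory where you cloned the source. Right side: the web root inside
      # the container, which stays /var/www/html.
      - /home/nasri/www/sql-injection:/var/www/html
```

Only the host path (left of the colon) changes from machine to machine; keep the container path as given, since the web server inside the container serves files from /var/www/html. Because the lab intentionally ships vulnerable code, bind the published port to localhost (for example `"127.0.0.1:8080:80"`) if the machine is reachable from other hosts.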
- Lab 1: SQL Injection: Learn how to identify and exploit SQL injection vulnerabilities in web applications.
- Lab 2: Broken Access Control: Understand and learn techniques to bypass broken access controls and gain unauthorized access to resources.
- Lab 3: Cryptographic Failures: Explore how to identify and exploit vulnerabilities resulting from cryptographic failures.
- Lab 4: XSS attacks: Learn how to identify and exploit Cross-Site Scripting (XSS) vulnerabilities.
- Lab 5: CSRF attacks: Discover how to recognize and mitigate Cross-Site Request Forgery (CSRF) attacks.
Contributions to the security lab project are welcome and encouraged. If you have identified new test cases, vulnerabilities, or improvements to existing code, feel free to submit a pull request with your changes.
When contributing to this project, please adhere to the following guidelines:
- Follow best practices for secure coding and vulnerability remediation.
- Clearly document any changes or additions made to the project.
- Test your changes thoroughly to ensure they do not introduce new vulnerabilities or regressions.
- Respect the project's code of conduct and contribute in a constructive manner.
For any corrections or suggestions, please contact Mohammed Nasri at mohammed.nasri@gmail.com.
This project is licensed under the MIT License.