OWASP A01: Broken Access Control
Our first blog has a few BAC issues in it: you will be able to edit and delete posts that do not belong to you.
You can test this out on our cheeseblog.
OWASP A02: Cryptographic failures
Yes indeed, dear friends, this used to be known as Sensitive Data Exposure. You can try it out on Ratsite. Explore the source code well and look at any JavaScript files. They contain a username and password in this case!
OWASP A03: Injections
This vulnerability class is diverse and we only have one lab for you; you can try it out on our XPath Injection labs.
OWASP A04: Insecure Design
All of my labs are vulnerable af by design :) Our labs.
OWASP A05: Security Misconfiguration
The JWT is vulnerable in our labs: you can go to JWT.io and change the flag to make yourself admin. Our labs.
OWASP A06: Vulnerable and Outdated Components
If you register, we use an outdated component of AngularJS. You can set your name to insert CSTI (client-side template injection); look up the vulnerable version and how to exploit it on Google. Our labs.
OWASP A07: Identification and Authentication Failures
Our ratsite contains many issues; for example, you can use a very weak password or just log in using test/test. Our labs.
OWASP A08: Software and Data Integrity Failures
OWASP A09: Security Logging and Monitoring Failures
Our ratsite contains many issues: it is not logged or monitored, let alone any alerting. Our labs.
OWASP A10: SSRF (Server-Side Request Forgery)
You can train your SSRF skills here; try to grab the contents of the /internal directory. Our labs.