Uploaded by Dima Vodyantsky

Laboratory work 2 SEC

Laboratory work 2
Dmytro Vodianytskyi
The OWASP Top Ten is an essential document produced by the Open Web
Application Security Project (OWASP) that highlights the ten most critical web
application security risks. It serves as a crucial resource in the field of
cybersecurity; this report offers insights into the needs, key topics, and purpose
of the document.
Needs of OWASP
The OWASP Top Ten is born out of a pressing need in the digital age for
improved web application security. With the proliferation of web-based
services, the risks associated with online activities have grown
significantly. OWASP addresses the need to identify, understand, and
mitigate these risks, providing a standardized framework to secure web
applications effectively.
5 OWASP Keywords/Topics
• Vulnerabilities: The OWASP Top Ten identifies the most common
vulnerabilities found in web applications, such as injection attacks,
broken authentication, and security misconfigurations.
• Awareness: It aims to raise awareness of the prevalent security risks,
ensuring developers and organizations stay informed about the evolving
threat landscape.
• Prioritization: The document helps in prioritizing security efforts by
identifying the most critical risks, helping organizations allocate
resources effectively.
• Guidance: The OWASP Top Ten gives guidance and recommendations on how
to address and mitigate these security risks, offering practical
solutions and best practices.
• Responsibility: It underscores the shared responsibility of developers,
security professionals, and organizations in securing web applications,
emphasizing the importance of collaboration and a proactive approach to
security.
Purpose of OWASP
The primary purpose of the OWASP Top Ten is to serve as a foundational resource
for developers, security experts, and organizations. It aims to guide these
stakeholders in identifying and addressing critical security risks, reducing the
likelihood of security breaches and data compromises. The responsibilities of
the OWASP Top Ten lie in educating, informing, and empowering the community
to build and maintain secure web applications.
Conclusion
In the modern digital landscape, the OWASP Top Ten continues to be
exceptionally valuable. Its practical guidance and comprehensive coverage of web
application security risks make it an invaluable resource. Developers can use it
to design and code more secure applications, while security professionals can
use it to assess and improve the security posture of existing systems.
Organizations benefit from the OWASP Top Ten by implementing proactive
security measures, protecting sensitive data, and maintaining customer
trust. In a world where cyber threats are ever-evolving, the OWASP Top Ten
is an essential tool for anyone involved in web application
development, security, or risk management. Its relevance endures, as
the need for secure web applications remains paramount in our increasingly
digital lives.
TryHackMe
Tutorials
1. RootMe
Conclusion: In this room I got acquainted with nmap and how to use it to scan ports and
services, and also with the gobuster utility, which helped me to enumerate FTP, SMB, and web
servers. The most interesting part of the room was privilege escalation.
2. OWASP Juice Shop
Conclusion: In this room I have learned how to identify and exploit SQL injection, cross-site
scripting (XSS), insecure direct object references (IDOR), broken authentication, and sensitive
data exposure vulnerabilities. This room wasn’t as interesting as the previous one (RootMe).
3. Basic Pentesting
Conclusion: This room covers mostly the same topics as the previous 2 rooms. But with this room
I became more experienced with nmap for open ports and services. Also, I dived more deeply into
privilege escalation.