{% load static %}
{% block title %}
OWASP Pygoat
{% endblock %}
PG
PyGoat
Home
Introduction
OWASP TOP 10 2021
A1: Broken Access Control
A2: Cryptographic Failures
A3: Injection
SQL Injection
Command Injection
Template Injection
A4: Insecure Design
A5: Security Misconfiguration
A6: Vulnerable and Outdated Components
A7: Identification and Authentication Failures
A8: Software and Data Integrity Failures
A9: Security Logging and Monitoring Failures
A10: Server-Side Request Forgery
SANS 25 Vulns
S1 : Out-of-bounds Write
S2 : Improper Neutralization of Input During Web Page Generation
S3 : SQL Injection
S4 : Improper Input Validation
S5 : Out of bounds write
S6 : OS Command Injection
S7 : Use After Free
S8 : Path Traversal
S9 : CSRF
S10 : Unrestricted Upload of File with Dangerous Type
S11 : Null Pointer Reference
S12 : Deserialization of Untrusted Data
S13 : Integer Overflow or Wraparound
S14 : Improper Authentication
S15 : Use of Hardcoded Credential
S16 : Missing Authorization
S17 : Command Injection
S18 : Missing Authentication for Critical Function
S19 : Improper Restriction of Operations within the Bounds of a Memory Buffer
S20 : Incorrect Default Permission
S21 : Server Side Request Forgery
S22 : Concurrent Execution using Shared Resource with Improper Synchronization
S23 : Uncontrolled Resource Consumption
S24 : Improper Restriction of XML External Entity Reference
S25 : Code Injection
Mitre top 25 Vulns
M1 : Out-of-bounds Write
M2 : Improper Neutralization of Input During Web Page Generation
M3 : SQL Injection
M4 : Improper Input Validation
M5 : Out of bounds write
M6 : OS Command Injection
M7 : Use After Free
M8 : Path Traversal
M9 : CSRF
M10 : Unrestricted Upload of File with Dangerous Type
M11 : Null Pointer Reference
M12 : Deserialization of Untrusted Data
M13 : Integer Overflow or Wraparound
M14 : Improper Authentication
M15 : Use of Hardcoded Credential
M16 : Missing Authorization
M17 : Command Injection
M18 : Missing Authentication for Critical Function
M19 : Improper Restriction of Operations within the Bounds of a Memory Buffer
M20 : Incorrect Default Permission
M21 : Server Side Request Forgery
M22 : Concurrent Execution using Shared Resource with Improper Synchronization
M23 : Uncontrolled Resource Consumption
M24 : Improper Restriction of XML External Entity Reference
M25 : Code Injection
OWASP TOP 10 2017
A1: Injection
SQL Injection
Command Injection
A2: Broken Authentication
A3: Sensitive Data Exposure
A4: XML External Entities (XXE)
A5: Broken Access Control
A6: Security Misconfiguration
A7: Cross Site Scripting
A8: Insecure Deserialization
A9: Using Components with Known Vulnerabilities
A10: Insufficient Logging & Monitoring
Challenges
Page 1
Page 2
Page 3
Help
Toggle Sidebar
Theme
{% if user.is_authenticated %}
Logout
{% else %}
Login
{% endif %}
{% block content %} {% endblock %}