Kontra OWASP Top 10 for Web

At KONTRA, we believe every software engineer should have free access to developer security training. KONTRA OWASP Top 10 is our first step in that direction. Inspired by real-world vulnerabilities and case studies, we have created a series of interactive application security training modules to help developers understand, identify and mitigate security vulnerabilities in their applications.

• Capital One SSRF

  

• TikTok Cross Site Scripting

  

• Ruby rest-client Backdoor

  

• SQL Injection

  

• Command Injection

  

• XML Entity Injection

  

• Directory Traversal

  

• Weak Randomness

  

• Session Fixation

  

• Reflected Cross Site Scripting

  

• Stored Cross Site Scripting

  

• Forced Browsing

  

• Leftover Debug Code

  

• Personally Identifiable Data in URL

  

• Token Exposure in URL

  

• User Enumeration

  

• Vertical Privilege Escalation

  

• Host Header Injection

  

• Clickjacking

  

• Horizontal Privilege Escalation

  

• Insecure URL Redirect

  

• Cross-Site Request Forgery

  

• Components with Known Vulnerabilities

  

• DOM XSS