Kontra OWASP Top 10 for Web

KONTRA's developer security training of OWASP Top 10 is inspired by real-world vulnerabilities and case studies, we have created a series of interactive application security training modules to help developers understand, identify and mitigate security vulnerabilities in their applications.

• Capital One SSRF

  

• Clickjacking

  

• Command Injection

  

• Components with Known Vulnerabilities

  

• Cross-Site Request Forgery

  

• Directory Traversal

  

• DOM XSS

  

• Forced Browsing

  

• Horizontal Privilege Escalation

  

• Host Header Injection

  

• Insecure URL Redirect

  

• Leftover Debug Code

  

• Log4j JNDI Injection

  NEW

  

• Personally Identifiable Data in URL

  

• Reflected Cross Site Scripting

  

• Ruby rest-client Backdoor

  

• Session Fixation

  

• SQL Injection

  

• Stored Cross Site Scripting

  

• TikTok Cross Site Scripting

  

• Token Exposure in URL

  

• User Enumeration

  

• Vertical Privilege Escalation

  

• Weak Randomness

  

• XML Entity Injection