OWASP Security Shepherd Project - My Practice & Solutions

    Security Shepherd is a Flagship project of OWASP. It is made as a web and mobile application security training platform.
    As it is a famous framework for Web Application Pen Testing Traing, I want to start to write down my practice & solutions on the lessons and challenges of Security Shepherd for tracking.

    The Official website: https://www.owasp.org/index.php/OWASP_Security_Shepherd

My Practice & Solutions

========================================================================

Top 10 2013-A1-Injection

Top 10-2017 A1-Injection

My Practice: 
SQL Injection Lesson
Injection Challenge
    - NoSQL Injection One
    - SQL Injection 1
    - SQL Injection 2
    - SQL Injection 3
    - SQL Injection 4
    - SQL Injection 5
    - SQL Injection 6
    - SQL Injection 7
    - SQL Injection Escaping
    - SQL Injection Stored Procedure

Mitigation Suggestions:
SQL Injection Prevention Cheat Sheet

========================================================================

========================================================================
OWASP Development Guide - Data Validation
My Practice:
Poor Data Validation Lesson
Poor Data Validation Challenge
    - Poor Data Validation 1
    - Poor Data Validation 2

Mitigation Suggestions:
Input Validation Cheat Sheet
========================================================================

========================================================================

Top 10 2013-A2-Broken Authentication and Session Management

Top 10-2017 A2-Broken Authentication

My Practice:
Broken Session Management Lesson
Session Management Challenge
    - Session Management Challenge 1
    - Session Management Challenge 2
    - Session Management Challenge 3
    - Session Management Challenge 4
    - Session Management Challenge 5
    - Session Management Challenge 6
    - Session Management Challenge 7
    - Session Management Challenge 8
Mitigation Suggestions:
Authentication Cheat Sheet
Session Management Cheat Sheet
Forgot Password Cheat Sheet

========================================================================

========================================================================

Top 10 2013-A3-Cross-Site Scripting (XSS)

Top 10-2017 A7-Cross-Site Scripting (XSS)

My Practice:
Cross Site Scripting Lesson
XSS Challenge
    - Cross Site Scripting 1
    - Cross Site Scripting 2
    - Cross Site Scripting 3
    - Cross Site Scripting 4
    - Cross Site Scripting 5
    - Cross Site Scripting 6
Mitigation Suggestions:

XSS (Cross Site Scripting) Prevention Cheat Sheet

DOM based XSS Prevention Cheat Sheet

XSS Filter Evasion Cheat Sheet

========================================================================

========================================================================

Top 10 2013-A4-Insecure Direct Object References

Top 10-2017 A5-Broken Access Control

My Practice:
Insecure Direct Object Reference Lesson
Insecure Direct Object Reference Challenge
    - Insecure Direct Object Reference Bank
    - Insecure Direct Object Reference Challenge 1
    - Insecure Direct Object Reference Challenge 2
Mitigation Suggestions:

Access Control Cheat Sheet

========================================================================

========================================================================

Top 10 2013-A5-Security Misconfiguration

Top 10-2017 A6-Security Misconfiguration

My Practice:
Security Misconfiguration Lesson
Security Misconfiguration Challenge
    - Security Misconfig Cookie Flag
Mitigation Suggestions:

OWASP Testing Guide - Testing for configuration management

OWASP Testing Guide - Testing for Error Code (OTG-ERR-001)

Top 10-2017 A9-Using Components with Known Vulnerabilities

========================================================================

========================================================================

Top 10 2013-A6-Sensitive Data Exposure

Top 10-2017 A3-Sensitive Data Exposure

My Practice:
Insecure Cryptographic Storage Lesson
Insecure Cryptographic Storage Challenge
    - Insecure Cryptographic Storage Challenge 1
    - Insecure Cryptographic Storage Challenge 2
    - Insecure Cryptographic Storage Challenge 3
    - Insecure Cryptographic Storage Challenge 4
Mitigation Suggestions:

Transport Layer Protection Cheat Sheet

User Privacy Protection Cheat Sheet

Password Storage Cheat Sheet

Cryptographic Storage Cheat Sheet

HTTP Strict Transport Security Cheat Sheet

========================================================================

======================================================================== 

Top 10 2010-A8-Failure to Restrict URL Access

Top 10 2013-A7-Missing Function Level Access Control

Top 10-2017 A5-Broken Access Control
My Practice:
Failure to Restrict URL Access Lesson
Failure to Restrict URL Access Challenge
    - Failure to Restrict URL Access 1
    - Failure to Restrict URL Access 2
    - Failure to Restrict URL Access 3
Mitigation Suggestions:
Authentication Cheat Sheet
Access Control Cheat Sheet
========================================================================

========================================================================

Top 10 2013-A8-Cross-Site Request Forgery (CSRF)

My Practice:
Cross Site Request Forgery Lesson
CSRF Challenge
    - CSRF 1
    - CSRF 2
    - CSRF 3
    - CSRF 4
    - CSRF 5
    - CSRF 6
    - CSRF 7
    - CSRF JSON
Mitigation Suggestions:

Cross-Site Request Forgery (CSRF) Prevention Cheat Sheet

========================================================================

========================================================================

Top 10 2013-A10-Unvalidated Redirects and Forwards

My Practice:
Unvalidated Redirects and Forwards Lesson
Mitigation Suggestions:

Unvalidated Redirects and Forwards Cheat Sheet

========================================================================

Others:
How to create another user in OWASP Security Shepherd?

Reference

OWASP Top Ten Project