home.md

Pygoat Tutorial Index

Table of Contents

• A1 - Injection
  • SQL Injection Interpolation
  • SQL Injection Concatenation
  • Command Injection
• A2 - Broken Authentication and Session Management
  • Credential Enumeration
• A3 - Cross-site Scripting (XSS)
  • XSS
  • XSS DOM
• A4 - Insecure Direct Object Reference
  • Insecure Direct Object Reference
• A5 - Security Misconfiguration
  • not implemented
• A6 - Sensitive Data Exposure
  • Sensitve Data Exposure
  • Cleartext Storage
• A7 - Missing Function Level Access Control
  • Missing Function Level Access Control
• A8 - Cross Site Request Forgery
  • not implemented
• A9 - Using Components with Known Vulnerabilities
  • not implemented
• A10 - Unvalidated Redirects and Forwards
  • not implemented