The most extensive collection of well-structured vulnerable code examples and fixes on the internet for Web2, Web3, API and Mobile (iOS and Android).
Do you have a great vulnerable code example? Open a PR.
- OWASP Top-10 2021
  - A01 - Broken Access Control
  - A02 - Cryptographic Failures
  - A03 - Injection
  - A04 - Insecure Design
  - A05 - Security Misconfiguration
  - A06 - Vulnerable and Outdated Components
  - A07 - Identification and Authentication Failures
  - A08 - Software and Data Integrity Failures
  - A09 - Security Logging and Monitoring Failures
  - A10 - Server-Side Request Forgery
- Per vulnerability
  - SQL Injection
  - NoSQL Injection
  - LDAP Injection
  - XSS
  - SSTI
  - XXE
  - SSRF
  - CSRF
  - Code Execution
  - Code Injection
  - Command Injection
  - XPATH Injection
  - Insecure Deserialization
  - Authentication Bypass
  - Broken Access Control
  - IDOR
  - Directory traversal
  - Prototype Pollution
  - Insecure File Uploads
  - Buffer Overflow
  - Integer Overflow
  - Denial Of Service
  - Sensitive Data Exposure
- OWASP API Security Top-10 2019
  - API1 - Broken Object Level Authorization
  - API2 - Broken User Authentication
  - API3 - Excessive Data Exposure
  - API4 - Lack of Resources & Rate Limiting
  - API5 - Broken Function Level Authorization
  - API6 - Mass Assignment
  - API7 - Security Misconfiguration
  - API8 - Injection
  - API9 - Improper Assets Management
  - API10 - Insufficient Logging & Monitoring
- Per vulnerability
- Top 10 Mobile 2016
Send all suggestions to [email protected]
🔜