OWASP top 10
First, input valid data into the web app to see what the site outputs
If the form field is talking to a database try entering ' to see if it throws an error
Next, try a generic SQLi statement
OWASP Top 10: https://owasp.org/www-pdf-archive/OWASP_Top_10-2017_%28en%29.pdf.pdf
OWASP Testing Checklist: https://github.com/tanprathan/OWASP-Testing-Checklist
Testing the Top 10 Web Application Vulnerabilities
OWASP Top 10: https://www.owasp.org/images/7/72/OWASP_Top_10-2017_%28en%29.pdf.pdf
OWASP Testing Checklist: https://github.com/tanprathan/OWASP-Testing-Checklist
OWASP Testing Guide: https://www.owasp.org/images/1/19/OTGv4.pdf
Installing Docker on Kali: https://medium.com/@airman604/installing-docker-in-kali-linux-2017-1-fbaa4d1447fe
OWASP Juice Shop: https://github.com/bkimminich/juice-shop
OWASP A1-Injection: https://www.owasp.org/index.php/Top_10-2017_A1-Injection
OWASP A2-Broken Authentication: https://www.owasp.org/index.php/Top_10-2017_A2-Broken_Authentication
OWASP A3-Sensetive Data Exposure: https://www.owasp.org/index.php/Top_10-2017_A3-Sensitive_Data_Exposure
OWASP A4-XML External Entities: https://www.owasp.org/index.php/Top_10-2017_A4-XML_External_Entities_(XXE)
OWASP A5-Broken Access Control: https://www.owasp.org/index.php/Top_10-2017_A5-Broken_Access_Control
OWASP A6-Security Misconfigurations: https://www.owasp.org/index.php/Top_10-2017_A6-Security_Misconfiguration
OWASP A7-Cross Site Scripting: https://www.owasp.org/index.php/Top_10-2017_A7-Cross-Site_Scripting_(XSS)
DOM Based XSS: https://www.scip.ch/en/?labs.20171214
XSS Game: https://xss-game.appspot.com/
OWASP A8-Insecure Deserialization: https://www.owasp.org/index.php/Top_10-2017_A8-Insecure_Deserialization
OWASP A9-Using Components with Known Vulnerabilities: https://www.owasp.org/index.php/Top_10-2017_A9-Using_Components_with_Known_Vulnerabilities
OWASP A10-Insufficient Logging & Monitoring: https://owasp.org/www-project-top-ten/OWASP_Top_Ten_2017/Top_10-2017_A10-Insufficient_Logging%252526Monitoring.html
Last updated