All comments on how to write a README are shown between ( ) and must be removed from the app's final version.
( Be sure to add a banner image of your app here! )
( Here's a short description of your app! )
( Remember to fix these links when everything is done! )
( OWASP vulnerability definition here )
The main goal of this app is to discuss how ( vulnerability being explored in this app ) vulnerabilities can be exploited and to encourage developers to send secDevLabs Pull Requests on how they would mitigate these flaws.
( What do you need to do to get it up and running? Remember to add all the commands used as well! )
To properly understand how this application works, you can follow these simple steps:
( Add steps for a user to follow and get to know your app )
Now that you know the purpose of this app, what could possibly go wrong? The following section describes how an attacker could identify the vulnerability and eventually obtain sensitive information about the app or its users. We encourage you to follow these steps and try to reproduce them on your own to better understand the attack vector! 😜
This first part, 👀 , is dedicated to describing all the steps needed to identify the vulnerability intentionally built into your app, so that anyone following this guide is able to replicate it.
Usually, some nice steps to include are:
- What's the app's main page?
- How can you access it?
- How did you discover the vulnerability?
- If you used the command line, include the exact command you ran. Wrap it in a code block like this:
```sh
$ My awesome command here
```
Some good examples of images (with captions) for the discovery section of an attack narrative are:
- First time accessing the app
- Found an interesting page
- Started the analysis on how the app handles cookies
- Confirmed the suspicion by having a look at the code!
Add as many images as you can! A picture is worth more than a thousand words!
This second part, 🔥 , is dedicated to describing all the steps needed to exploit the vulnerability found previously.
This section should focus on how the app is exploited, step by step. A good guideline to follow is:
- Include all the steps to reproduce the exploit.
- If you used the command line, be sure to add the command here!
- Add references to your narrative: tools used, exploits (preferably from ExploitDB), an RFC, or any other relevant text.
And as always, images!!! 😃
Some good examples of images are as follows:
- Creating a payload
- Delivering the payload, and the results!
How would you mitigate this vulnerability? After your changes, an attacker should not be able to:
- ( What needs to be done for you to consider this app's vulnerability to be mitigated? )
[Spoiler alert 🚨 ] To understand how this vulnerability can be mitigated, check out [these pull requests]!
( We know that a newly created app probably won't have any solutions yet. Please open an issue to remind us to fix this link. )
We encourage you to contribute to SecDevLabs! Please check out the Contributing to SecDevLabs section for guidelines on how to proceed! 🎉