OWASP / www-community

OWASP Community Pages are a place where OWASP can accept community contributions for security-related content.
https://owasp.org/www-community/

Broken Links #292

Open CRImier opened 3 years ago

CRImier commented 3 years ago

Was going through pages, found plenty of broken references. Ran a broken URL checker against the website, found a lot of broken URLs. Fixed some of them in #290. Some URLs remain broken:

https://support.google.com/mail/forum/AAAAK7un8RU3J3r2JqFNTw/discussion/?hl=en&gpf=d/topic/gmail/3J3r2JqFNTw/discussion
https://www.javaworld.com/javaworld/javaqa/2003-05/01-qa-0509-jcrypt.html?page=2
http://www.php-security.org/downloads/rips.pdf
http://www.seclab.tuwien.ac.at/papers/pixy.pdf
http://w2spconf.com/2010/papers/p27.pdf
https://www.codemagi.com/blog/post/194
https://www.itu.int/rec/T-REC-X.690-200811-I/en
https://www.ietf.org/id/draft-ietf-websec-key-pinning-09.txt
https://github.com/andresriancho/w3af/blob/master/plugins/grep/csp.py
http://blog.php-security.org/archives/76-Holes-in-most-preg_match-filters.html
http://www.webapptest.org/ms-access-sql-injection-cheat-sheet-EN.html
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=77
http://www.ruxcon.org.au/files/2008/Attacking_Rich_Internet_Applications.pdf
http://yehg.net/lab/pr0js/files.php/inspath.zip
http://yehg.net/lab/pr0js/files.php/php_brute_force_detect.zip
http://www.comptechdoc.org/independent/web/cgi/ssimanual/ssiexamples.html
http://www.iss.net/security_center/advice/Exploits/TCP/session_hijacking/default.htm
http://www.derkeiler.com/pdf/Mailing-Lists/Securiteam/2002-12/0099.pdf
http://archives.neohapsis.com/archives/bugtraq/2002-05/0118.html
http://hacker-eliminator.com/trojansymptoms.html
http://www.microsoft.com/technet/security/bulletin/MS00-078.mspx
https://www.checkmarx.com/Demo/XSHM.aspx
https://blog.watchfire.com/wfblog/2008/06/javascript-code.html
http://shlang.com/netkill/netkill.html
https://cirt.net/code/nikto.shtml
https://addons.mozilla.org/en-US/firefox/addon/heartbleed-checker/
https://www.ecrimelabs.com/tools/webroot/WebRoot.txt
https://www.cs.rice.edu/~scrosby/hash/slides/USENIX-RegexpWIP.2.ppt
https://www.checkmarx.com/NewsDetails.aspx?id=23&cat=3
https://owasp.org/index.php/Dhiraj_Mishra
http://puzzlemall.googlecode.com/files/Session
https://owasp.org/index.php/Image:RequestRodeo-MartinJohns.pdf
http://windows.stanford.edu/docs/IISsecchecklist.htm
http://www.net-security.org/dl/articles/php-file-upload.pdf
http://www.windowsitpro.com/Files/18/27072/Webtable_01.pdf
https://www.imperva.com/404?aspxerrorpath=/application_defense_center/glossary/forceful_browsing.html
http://info.sen.ca.gov/pub/01-02/bill/sen/sb_1351-1400/sb_1386_bill_20020926_chaptered.html
https://blog.shapesecurity.com/heartbleed-bug-places-encrypted-user-data-and-webservers-at-risk
https://www.mitre.org/sites/default/files/publications/pr-18-2417-deliver-uncompromised-MITRE-study-8AUG2018.pdf
http://www.microsoft.com/technet/security/bulletin/ms04-028.mspx
http://www.digitaldwarf.be/products/mangle.c
http://projects.info-pull.com/mokb/
http://www.bonsai-sec.com/en/research/untidy-xml-fuzzer.php
https://support.snyk.io/snyk-cli/how-can-i-set-a-snyk-cli-project-as-open-source
http://www.rubcast.rub.de/index2.php?id=1009
http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf
http://aeditor.rubyforge.org/ruby_cplusplus/index.html
https://owasp-skf.gitbook.io/asvs-write-ups/filename-injection
http://tomcat.apache.org/tomcat-6.0-doc/config/context.html
https://blog.48bits.com/2010/09/28/iis6-asp-file-upload-for-fun-and-profit/
http://palisade.plynt.com/issues/2006Jun/injection-stored-procedures/
http://www.bindshell.net/tools/odysseus
http://www.ntobjectives.com/products/firewater/
http://home.intekom.com/rdawes/exodus.html
http://www.wastelands.gen.nz/odysseus/index.php
http://www.webcohort.com/web_application_security/research/tools.html
http://www.rsasecurity.com/standards/ssl/basics.html
http://palisade.plynt.com/issues/2005Aug/page-tokens/
http://www.microsoft.com/mspress/books/toc/5612.asp
http://www.seczone.cn/2018/06/27/codesec源代码安全检测平台/

If anyone wants to go through these, grep --color=always -nr -Ff broken_urls_left.txt|grep --color=always -v "broken_"|sort will show where those URLs are specifically (might miss some of these, though). Could probably also find a lot of broken internal references by looking for "wikilink".

kingthorin commented 3 years ago

If anyone wants to go through these, grep --color=always -nr -Ff broken_urls_left.txt|grep --color=always -v "broken_"|sort will show where those URLs are specifically (might miss some of these, though). Could probably also find a lot of broken internal references by looking for "wikilink".

Could you attach broken_urls_left.txt?

CRImier commented 3 years ago

It's the contents of the code snippet in the OP. Would be great to use a better URL checker - the one I used didn't catch all the broken internal references, and its non-paid version only checked 2000 links out of, potentially, many more.

broken_urls_left.txt

CRImier commented 3 years ago

Also, some of these links actually might resolve (just that there's a JavaScript or 3xx code redirect), just one more peculiarity of the URL checker I used - in that case, IMO, the URL needs to be updated because, at some point, old links inevitably stop redirecting and start 404'ing.
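
The redirect distinction raised in the comment above, as an added example that is not part of the thread and not the checker used there: a Python check that reports a 3xx as "update" instead of following it, so stale URLs are flagged before they start returning 404. The local server, its paths and the verdict names are constructed for the demo.

```python
import http.server
import threading
import urllib.error
import urllib.request


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None  # report the 3xx instead of silently following it


def check_url(url, timeout=10):
    """Return (verdict, detail): 'ok', 'update' (3xx) or 'broken'."""
    handlers = (_NoRedirect, urllib.request.ProxyHandler({}))  # direct, no env proxies
    opener = urllib.request.build_opener(*handlers)
    req = urllib.request.Request(url, method="HEAD")
    try:
        with opener.open(req, timeout=timeout) as resp:
            return "ok", str(resp.status)
    except urllib.error.HTTPError as e:
        if 300 <= e.code < 400:  # still resolves, but the stored URL is stale
            return "update", f"{e.code} -> {e.headers.get('Location', '?')}"
        return "broken", str(e.code)
    except (urllib.error.URLError, OSError) as e:  # DNS failure, refused, timeout
        return "broken", str(getattr(e, "reason", e))


class _Demo(http.server.BaseHTTPRequestHandler):
    """Constructed local server: one live, one moved and one dead link."""
    def do_HEAD(self):
        code = {"/live": 200, "/moved": 301}.get(self.path, 404)
        self.send_response(code)
        if code == 301:
            self.send_header("Location", "/live")
        self.end_headers()


def demo():
    with http.server.HTTPServer(("127.0.0.1", 0), _Demo) as srv:
        threading.Thread(target=srv.serve_forever, daemon=True).start()
        base = f"http://127.0.0.1:{srv.server_address[1]}"
        try:
            return {p: check_url(base + p) for p in ("/live", "/moved", "/gone")}
        finally:
            srv.shutdown()


if __name__ == "__main__":
    print(demo())
```

HEAD keeps the check cheap, but some servers answer HEAD differently from GET, and a JavaScript redirect is invisible to any status-code check.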

kingthorin commented 3 years ago

Thanks @CRImier

megalucio commented 3 years ago

This is also a broken one https://owasp.org/www-community/attacks/Tokenizing from the main page in CSRF.

kingthorin commented 3 years ago

It seems there was never "Tokenizing" content: https://wiki.owasp.org/index.php/Tokenizing

For that one it would be best to just remove the link.

Biepa commented 3 years ago

fzipi commented 3 years ago

Page https://github.com/OWASP/www-community/blob/master/pages/Broken_Access_Control.md has this link: http://www.infosecuritymag.com/2002/jun/insecurity.shtml We should be able to get something with less than near 20 years by now....

kingthorin commented 3 years ago

@fzipi let us know what your suggestion is, or just go ahead and open a PR.

fzipi commented 3 years ago

@kingthorin Added #393 with the links from the top 10.

Jeymz commented 1 year ago

Would it be worth going through these and just linking to the wayback machine until suitable replacements can be identified?

kingthorin commented 1 year ago

I’d suggest fixing a few properly (in batches or whatever), vs. having to go through them all twice.

draunger commented 8 months ago

@CRImier can I work on this issue?

kingthorin commented 8 months ago

@draunger go for it.

CRImier commented 7 months ago

I concur, go for it^^

StepQuest commented 5 days ago

On page https://github.com/OWASP/www-community/blob/master/pages/Types_of_Cross-Site_Scripting.md there is a "broken" (author of GitHub page has hidden the content) link in References [2].