blabla1337 / skf-flask

Security Knowledge Framework (SKF) Python Flask / Angular project
https://www.securityknowledgeframework.org
Apache License 2.0

SKF Training content has broken links. #811

Open Quadr0N opened 1 year ago

Quadr0N commented 1 year ago

All the broken links are listed below, with the steps to find each one and a text sample that contains the broken link:

Broken link steps: Training > Secure Development > EASY > What is Privacy and Why it is important
Broken link: https://www.linuxfoundation.org/wp-content/uploads/2018/05/lf_gdpr_052418.pdf
Text containing the broken link: European General Data Protection Regulation (GDPR) The European General Data Protection Regulation (GDPR) protects the personal data of subjects who are in the European Union (EU). It applies whether or not the data processing occurs within the EU, and it applies whether or not the subjects are European citizens. As a result, the GDPR applies in many circumstances. _The Linux Foundation has a summary of the GDPR_ that highlights issues important to software developers. Below we point out some GDPR basics from the Linux Foundation’s GDPR summary.

Broken link steps: Training > Secure Development > EASY > What is Privacy and Why it is important
Broken link 1: https://www.cnil.fr/sites/default/files/atoms/files/cnil_guide_securite_personnelle_gb_web.pdf
Broken link 2: https://www.linuxfoundation.org/wp-content/uploads/2018/05/lf_gdpr_052418.pdf
Text containing the broken links: Under the GDPR, profiling is any form of automated processing that involves using personal data to evaluate aspects of that person. Profiling will usually require getting explicit consent from the individual, which means also that the individual will be able to withdraw that consent at any time. Therefore, profiling activities will typically require a greater degree of review and protections for the applicable personal data. Here are some resources for learning more about the GDPR:
• The [official EU site for the GDPR text]
• [“The Guide to the General Data Protection Regulation (GDPR)”]
• [“Solutions for a responsible use of the blockchain in the context of personal data”]
• “Security of Personal Data”
• The Linux Foundation, Summary of GDPR Concepts For Free and Open Source Software Projects
[California Online Privacy Protection Act, Chapter 22. Internet Privacy Requirements [22575-22579]]

Broken link steps: Training > Secure Development > EASY > Reusing External Software > Basics of Reusing Software
Broken link: https://safecode.org/principles-of-software-assurance-assessment/
Text containing the broken link: Consider using SAFECode’s guide Principles for Software Assurance Assessment (2019), which has a multi-tiered approach for examining the security characteristics of software.

Broken link steps: Training > Hacking web & API > EASY > Introduction > The OWASP Testing Project
Broken link: https://www.it-cisq.org/the-cost-of-poor-quality-software-in-the-us-a-2018-report/The-Cost-of-Poor-Quality-Software-in-the-US-2018-Report.pdf
Text containing the broken link: While estimating the cost of insecure software may appear a daunting task, there has been a significant amount of work in this direction. In 2018 the Consortium for IT Software Quality summarized: ...the cost of poor quality software in the US in 2018 is approximately $2.84 trillion…

Broken link steps: Training > Hacking web & API > EASY > Information Gathering > Enumerate Applications on webserver
Broken link: https://www.domaintools.com/reverse-ip/
Text containing the broken link: Reverse-IP services are similar to DNS inverse queries, with the difference that the testers query a web-based application instead of a name server. There are a number of such services available. Since they tend to return partial (and often different) results, it is better to use multiple services to obtain a more comprehensive analysis.
• Domain Tools Reverse IP (requires free membership)
• DNSstuff (multiple services available)

Broken link steps: Training > Hacking web & API > EASY > Error handling testing > Test for improper error handling
Broken link: https://secureby.design/assets/training/security_testing/slides/6-Appendix/C-Fuzz_Vectors.md
Text containing the broken link: References
• [WSTG: Appendix C - Fuzz Vectors](https://secureby.design/assets/training/security_testing/slides/6-Appendix/C-Fuzz_Vectors.md)
• Proactive Controls C10: Handle All Errors and Exceptions

Broken link steps: Training > Hacking web & API > Competent > Input Validation Testing > Test for SQL injection approach SQL Server
Broken link: https://secureby.design/assets/training/security_testing/slides/6-Appendix/C-Fuzz_Vectors.md
Text containing the broken link: Alternatively, one may play lucky. That is, the attacker may assume that there is a blind or out-of-band SQL injection vulnerability in the web application. He will then select an attack vector (e.g., a web entry), use fuzz vectors against this channel and watch the response. For example, if the web application is looking for a book using a query

Broken link steps: Training > Hacking web & API > Competent > Reporting pentesting > Reporting of findings
Broken link: https://github.com/OWASP/wstg/tree/master/checklist
Text containing the broken link: Appendices Multiple appendices can be added, such as:
• Test methodology used.
• Severity and risk rating explanations.
• Relevant output from tools used.
  ○ Make sure to clean the output and not just dump it.
• A checklist of all the tests conducted, such as the WSTG checklist.

Broken link steps: Training > Hacking web & API > Advanced > Client-side Testing > Test for CSS Injection
Broken link: http://eaea.sirdarckcat.net/cssar/v2/
Text containing the broken link: The following pages provide examples of CSS injection vulnerabilities:
• Password "cracker" via CSS and HTML5
• CSS attribute reading
• JavaScript based attacks using CSSStyleDeclaration with unescaped input

Broken link steps: Training > OWASP > OWASP TOP 10 2021 > The OWASP top 10 2021 > Test for CSS Injection
Broken link steps (same as above): Training > OWASP > OWASP TOP 10 2021 > Introduction > About OWASP > Test for CSS Injection
Broken link: https://secureby.design/assets/training/owasp_top10/slides/TBA
Text containing the broken link: The Open Web Application Security Project (OWASP) is an open community dedicated to enabling organizations to develop, purchase, and maintain applications and APIs that can be trusted. At OWASP, you'll find free and open:
• Application security tools and standards
• Cutting edge research
• Standard security controls and libraries
• Complete books on application security testing, secure code development, and secure code review
• Presentations and videos
• Cheat sheets
• Chapters meetings
• Events, training, and conferences
• Google Groups
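As an added example (not part of this issue or of the SKF project's code), the following Python script automates the manual steps the reporter went through: it pulls every http(s) URL out of a markdown training page, sets aside placeholder URLs such as the `.../TBA` one reported above without fetching them, and buckets the remaining links by HTTP status so a dead-link report can be produced in CI. The fetcher is injectable; the sample markdown and the status map in the block are constructed for the offline demonstration, and the live `http_status` fetcher will return whatever the servers answer at the time it is run.

```python
"""Dead-link report for markdown training content (added example, not SKF code)."""
import re
import urllib.error
import urllib.request
from typing import Callable

# Bare or markdown-wrapped http(s) URLs; brackets and parentheses end a URL so
# "[text](https://host/path)" yields just "https://host/path".
URL_RE = re.compile(r"""https?://[^\s<>"'()\[\]]+""")
TRAILING_PUNCT = ".,;:!?"


def extract_urls(markdown: str) -> list[str]:
    """Return the distinct URLs in a document, in order of first appearance."""
    found: list[str] = []
    for match in URL_RE.finditer(markdown):
        url = match.group(0).rstrip(TRAILING_PUNCT)  # "https://x/y." -> "https://x/y"
        if url not in found:
            found.append(url)
    return found


def is_placeholder(url: str) -> bool:
    """True for links whose last path segment is the 'TBA' placeholder seen in the report."""
    return url.rstrip("/").rsplit("/", 1)[-1].upper() == "TBA"


def http_status(url: str, timeout: float = 10.0) -> int:
    """Live fetcher: HTTP status of `url`, or 0 when no HTTP answer was obtained.
    Tries HEAD first and falls back to GET when the server rejects HEAD (405/501)."""
    for method in ("HEAD", "GET"):
        req = urllib.request.Request(url, method=method,
                                     headers={"User-Agent": "skf-linkcheck-example/0.1"})
        try:
            with urllib.request.urlopen(req, timeout=timeout) as resp:
                return resp.status
        except urllib.error.HTTPError as err:
            if method == "HEAD" and err.code in (405, 501):
                continue
            return err.code
        except (urllib.error.URLError, OSError):
            return 0
    return 0


def check_markdown(markdown: str,
                   fetch: Callable[[str], int] = http_status) -> dict[str, list[str]]:
    """Group every URL in `markdown` into ok / broken / unreachable / placeholder."""
    report: dict[str, list[str]] = {"ok": [], "broken": [], "unreachable": [], "placeholder": []}
    for url in extract_urls(markdown):
        if is_placeholder(url):
            report["placeholder"].append(url)  # never fetched: known-dead by construction
            continue
        status = fetch(url)
        bucket = "unreachable" if status == 0 else "broken" if status >= 400 else "ok"
        report[bucket].append(url)
    return report


# Constructed sample page reusing URLs quoted in the issue; not the real SKF markdown.
SAMPLE_MARKDOWN = """\
Consider using SAFECode's guide [Principles for Software Assurance Assessment](https://safecode.org/principles-of-software-assurance-assessment/).
Slides: [OWASP Top 10 2021](https://secureby.design/assets/training/owasp_top10/slides/TBA).
Reverse IP: https://www.domaintools.com/reverse-ip/.
Project home: https://www.securityknowledgeframework.org
"""

# Constructed status map standing in for the network; real answers will differ.
FAKE_STATUS = {
    "https://safecode.org/principles-of-software-assurance-assessment/": 404,
    "https://www.domaintools.com/reverse-ip/": 0,
    "https://www.securityknowledgeframework.org": 200,
}


def fake_fetch(url: str) -> int:
    """Offline stand-in for http_status backed by FAKE_STATUS."""
    return FAKE_STATUS.get(url, 0)


if __name__ == "__main__":
    # Swap fake_fetch for http_status (or leave the default) to check a real file:
    #   check_markdown(open("page.md", encoding="utf-8").read())
    for bucket, urls in check_markdown(SAMPLE_MARKDOWN, fake_fetch).items():
        for url in urls:
            print(f"{bucket:12} {url}")
```

Treat "unreachable" separately from "broken" when triaging: a 404 is a confirmed dead link, whereas a DNS failure or timeout may be a transient outage and is worth rechecking before editing the training content.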