freeskillv2.0.0✓ verified
owasp-top10
A deep prevention reference for the OWASP Top 10 web risks — broken access control, injection, crypto failures, insecure design, SSRF and more — with vulnerable-vs-fixed code, edge cases, and a runnable naive-vulnerability scanner.
$npx vanara install owasp-top10
Free & open source (Apache-2.0) — view the source on GitHub.
Overview
Most real-world breaches exploit a short, well-known list of weaknesses. This package is the deep reference: each category gets its root cause, the default defense, and a vulnerable-vs-fixed example. Category deep-dives live in references/, side-by-side fixes in examples/, and a runnable heuristic scanner in scripts/.
What it covers
- The list (and the one-line defense for each)
- The two that cause the most damage
- A worked SSRF case (A10)
- Edge cases & gotchas
- When the "fix" isn't enough
- A01 — Broken Access Control (in depth)
- A02 — Cryptographic Failures (in depth)
- A03 — Injection (in depth)