A Brief Introduction to the Penetration Testing Platform bWAPP and Its Installation - 飞外

- SQL, HTML, iFrame, SSI, OS Command, XML, XPath, LDAP, PHP Code, Host Header and SMTP injections
- Authentication, authorization and session management issues
- Malicious, unrestricted file uploads and backdoor files
- Arbitrary file access and directory traversals
- Heartbleed and Shellshock vulnerability
- Local and remote file inclusions (LFI/RFI)
- Server Side Request Forgery (SSRF)
- Configuration issues: Man-in-the-Middle, Cross-Domain policy file, FTP, SNMP, WebDAV, information disclosures,...
- HTTP parameter pollution and HTTP response splitting
- XML External Entity attacks (XXE)
- HTML5 ClickJacking, Cross-Origin Resource Sharing (CORS) and web storage issues
- Drupal, phpMyAdmin and SQLite issues
- Unvalidated redirects and forwards
- Denial-of-Service (DoS) attacks
- Cross-Site Scripting (XSS), Cross-Site Tracing (XST) and Cross-Site Request Forgery (CSRF)
- AJAX and Web Services issues (JSON/XML/SOAP)
- Parameter tampering and cookie poisoning
- Buffer overflows and local privilege escalations
- PHP-CGI remote code execution
- HTTP verb tampering
- And much more

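Installation:

bWAPP can be installed on its own, or used as a virtual machine version: after extracting it, open the virtual machine directly and it is ready to access.

For a standalone install, it needs to be deployed into an Apache + MySQL + PHP environment.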