This repository contains examples of how to use certain framework-native functionality and libraries to reduce vulnerabilities.
Injection
SQL:
MySQL
--> JS: Experess/01-Injection/mysql.js and Experess/01-Injection/sequelize.js
--> Java: SpringBoot/demo/src/main/java/main/demo/Injection.java
NoSQL:
MongoDB
--> JS: Experess/01-Injection/mongoDB.js and Experess/01-Injection/mongoose.js
--> Java: SpringBoot/mongoDBRepository and SpringBoot/mongoDBTemplate
Broken Authentication
Password Hashing
--> JS: GeneralJS/pwHashing.js
--> Java: SpringBoot/demo/src/main/java/main/demo/WebSecurityConfig.java --> Contains PasswordEncoder declarations
Sensitive Data Exposure
Cryptography:
--> JS: GeneralJS/cryptography.js
--> Java: SpringBoot/demo/src/main/java/main/demo/WebSecurityConfig.java
XML External Entities
--> JS: GeneralJS/xxe.js
--> Java: GeneralJava/04-XXE/main/src
XSS
--> React: React/main/src/XSS.js
--> Vue.js: Vue/main/src/components/HelloWorld.vue
--> Angular: Angular/main/src/app
--> Sanitization and escaping libraries: React/main/src/XSS.js
Insecure Deserialization
--> JS: Express/08-InsecureDeserialization/serialisation.js
--> Java: GeneralJava/08-InsecureDeserialization/main/src/main
Insufficient Logging and Monitoring
--> JS: Express/10-InsufficientLoggingAndMonitoring
--> Java: SpringBoot/demo/src/main/java/main/demo/Injection.java --> Uses logging