OpenDNS's AppSec Training Lab

I came across OpenDNS Security Ninjas AppSec Training Lab not too long ago and found its simplicity rather enjoyable. It’s a simple web app written in PHP which illustrates each of the OWASP Top 10 categories. As I was going through the exercises I found myself checking to see how the vulnerable code was written and how the issues could be remediated.

Since the lab is geared towards beginners, I thought it might be helpful to provide brief explanations along with links to the relevant lines of source code. For each level/OWASP vulnerability, I simply added a “Why” section to each “Solution” area linking to the sink on Github along with a brief explanation.

The merge request is apparently pending an OpenDNS maintainer, but the fork is on Github.