SecRuleEngine On
SecRequestBodyAccess On
SecResponseBodyAccess Off
SecRule ARGS|REQUEST_HEADERS|XML:/* "@detectSQLi" \
"id:1001,phase:2,deny,status:403,log,msg:'Potential SQLi detected'"
#!/usr/bin/env bash
sqlmap \
-r login-request.txt \
--risk=2 \
--level=3 \
--batch \
// 1. DANGEROUS: Never use innerHTML with user input
const userInput = '<img src=x onerror="alert('XSS')">';
// WRONG - vulnerable to XSS
document.getElementById('output').innerHTML = userInput;
#!/usr/bin/env bash
docker run --rm -t owasp/zap2docker-stable zap-baseline.py \
-t https://preview.example.com \
-r zap-report.html \
-I