The OWASP Top 10 is an awareness document that outlines the most critical security risks to web applications. Pentesting is performed according to the OWASP Top 10 standard to reduce/mitigate the security risks.
In this exercise, we will focus on OWASP A2 Broken Authentication flaws and look at how to leverage a broken authentication vulnerability in a single-page web application.
Objective: Leverage the broken authentication vulnerability and access the administrative portal.
The following credentials might be needed:
| Username | Password |
| --- | --- |
| james@secbank.com | password1 |
Instructions:
The solution for this lab can be found in the following manual: https://assets.ine.com/labs/ad-manuals/walkthrough-2009.pdf