As you might know, Hacking-Lab is providing free OWASP TOP 10 hands-on challenges to the OWASP community. This is an inner service of the GEC (Global Education Committee) and is part of the Academy Portal project.
Vulnerabilities in the frameworks and libraries an application uses, like the Apache Struts vulnerability, do not have a prominent place in the OWASP TOP 10 list, but this one is very important because of its remote code execution characteristic. Hacking-Lab has written a vulnerable Apache Struts service and a tutorial video. Check it out.
I think it is important to discuss library and dependency risks.
Please watch the tutorial here:
Please read more about the Apache vulnerability here
Please try it out and mess around in Hacking-Lab (if you like, it’s free!)
Looking forward to hearing from you
Ivan Buetler, Switzerland