fix: Update broken links all secDevLabs #588

docs/CONTRIBUTING.md

@@ -53,7 +53,7 @@ To build some of the secDevLabs apps, some third party code, such as libraries o
 
 [1]:/docs/Makefile
 [3]:/docs/README_Template.md
-[4]:/docs/PR_Template.md
-[5]:/docs/Issue_Template.md
+[4]:https://github.com/globocom/secDevLabs/pulls
+[5]:https://github.com/globocom/secDevLabs/issues
 [6]:https://docs.docker.com/compose/gettingstarted/
 [7]:https://docs.docker.com/compose/compose-file/

docs/Dirb.md

@@ -48,7 +48,7 @@ dirb http://localhost:5000 ./docs/common.txt
 ```
 
 <figure align="center">
-    <img src="../owasp-top10-2017-apps/a8/amarelo-designs/docs/attack2.png"/>
+    <img src="../owasp-top10-2021-apps/a8/amarelo-designs/images/attack2.png"/>
     <figcaption>Fig.1 - Dirb demonstration</figcaption>
 </figure>
 

docs/README_Template.md

@@ -5,7 +5,7 @@
 
 ( Be sure to add a banner image of your app here! )
 <p align="center">
-    <img src="https://raw.githubusercontent.com/globocom/secDevLabs/master/owasp-top10-2017-apps/a2/saidajaula-monster/images/img1.png"/>
+    <img src="https://raw.githubusercontent.com/globocom/secDevLabs/master/owasp-top10-2021-apps/a7/saidajaula-monster/images/img1.png"/>
 </p>
 
 ( Here's a short description of your app! )
@@ -65,25 +65,25 @@ A nice example of images to have on an attack narrative in the discovery section
 First time acessing the app:
 
 <p align="center">
-    <img src="https://raw.githubusercontent.com/globocom/secDevLabs/master/owasp-top10-2017-apps/a2/saidajaula-monster/images/img1.png"/>
+    <img src="https://raw.githubusercontent.com/globocom/secDevLabs/master/owasp-top10-2021-apps/a7/saidajaula-monster/images/img1.png"/>
 </p>
 
 Found an interesting page:
 
 <p align="center">
-    <img src="https://raw.githubusercontent.com/globocom/secDevLabs/master/owasp-top10-2017-apps/a2/saidajaula-monster/images/attack1.png"/>
+    <img src="https://raw.githubusercontent.com/globocom/secDevLabs/master/owasp-top10-2021-apps/a7/saidajaula-monster/images/attack1.png"/>
 </p>
 
 Started the analysis on how the app handles cookies:
 
 <p align="center">
-    <img src="https://raw.githubusercontent.com/globocom/secDevLabs/master/owasp-top10-2017-apps/a2/saidajaula-monster/images/attack3.png"/>
+    <img src="https://raw.githubusercontent.com/globocom/secDevLabs/master/owasp-top10-2021-apps/a7/saidajaula-monster/images/attack3.png"/>
 </p>
 
 Confirmed the suspicion by having a look at the code!
 
 <p align="center">
-    <img src="https://raw.githubusercontent.com/globocom/secDevLabs/master/owasp-top10-2017-apps/a2/saidajaula-monster/images/attack4.png"/>
+    <img src="https://raw.githubusercontent.com/globocom/secDevLabs/master/owasp-top10-2021-apps/a7/saidajaula-monster/images/attack4.png"/>
 </p>
 
 Add as many images as you can! A picture is worth more than a thousand words!
@@ -104,13 +104,13 @@ Some good examples of images are as follows:
 Creating a payload:
 
 <p align="center">
-    <img src="https://raw.githubusercontent.com/globocom/secDevLabs/master/owasp-top10-2017-apps/a2/saidajaula-monster/images/attack7.png"/>
+    <img src="https://raw.githubusercontent.com/globocom/secDevLabs/master/owasp-top10-2021-apps/a7/saidajaula-monster/images/attack7.png"/>
 </p>
 
 Delivering a payload, and results!
 
 <p align="center">
-    <img src="https://raw.githubusercontent.com/globocom/secDevLabs/master/owasp-top10-2017-apps/a2/saidajaula-monster/images/attack8.png"/>
+    <img src="https://raw.githubusercontent.com/globocom/secDevLabs/master/owasp-top10-2021-apps/a7/saidajaula-monster/images/attack8.png"/>
 </p>
 
 ## Secure this app
@@ -127,7 +127,7 @@ How would you migitate this vulnerability? After your changes, an attacker shoul
 
 ## Contributing
 
-We encourage you to contribute to SecDevLabs! Please check out the [Contributing to SecDevLabs](../../../docs/CONTRIBUTING.md) section for guidelines on how to proceed! 🎉
+We encourage you to contribute to SecDevLabs! Please check out the [Contributing to SecDevLabs](../docs/CONTRIBUTING.md) section for guidelines on how to proceed! 🎉
 
 [secDevLabs]: https://github.com/globocom/secDevLabs
 [ExploitDB]: https://www.exploit-db.com/

owasp-top10-2016-mobile/m2/cool_games/README.md

@@ -4,7 +4,7 @@
     <img src="images/log_in.png"/>
 </p>
 
-Cool Games is a Flutter powered mobile app that serves as the mobile version of [GamesIRADOS.com](https://github.com/globocom/secDevLabs/tree/master/owasp-top10-2017-apps/a10/games-irados). It is built with a mobile front-end and a Golang powered back-end.
+Cool Games is a Flutter powered mobile app that serves as the mobile version of [GamesIRADOS.com][GamesIRADOScom]. It is built with a mobile front-end and a Golang powered back-end.
 
 ## Index
 
@@ -25,7 +25,7 @@ The main goal of this app is to discuss how **Insecure Data Storage** vulnerabil
 
 Before we start, it's important to mention that this app's code is divided into two parts: a back-end server, which can be found in the `server` folder, and the mobile app's code itself in the `mobile` folder. In order for the app to run as intended, the back-end server must be up and running, but no need to worry, we'll walk you through it! 😁
 
-To start this intentionally **insecure application**, you will need [Flutter][VS-Code-Flutter], [Docker][Docker Install] and [Docker Compose][Docker Compose Install]. After forking [secDevLabs](https://github.com/globocom/secDevLabs), you'll need to start the server, which can be done through the commands:
+To start this intentionally **insecure application**, you will need [Flutter][VS-Code-Flutter], [Docker][Docker Install] and [Docker Compose][Docker Compose Install]. After forking [secDevLabs][secDevLabs], you'll need to start the server, which can be done through the commands:
 
 ### Start server commands:
 
@@ -178,14 +178,18 @@ How would you mitigate this vulnerability? After your changes, an attacker shoul
 
 ## PR solutions
 
-[Spoiler alert 🚨] To understand how this vulnerability can be mitigated, check out [these pull requests](https://github.com/globocom/secDevLabs/pulls?q=is%3Apr+label%3A%22Cool+Games%22+label%3A%22mitigation+solution+%F0%9F%94%92%22)!
+[Spoiler alert 🚨] To understand how this vulnerability can be mitigated, check out [these pull requests][these pull requests]!
 
 ## Contributing
 
 We encourage you to contribute to SecDevLabs! Please check out the [Contributing to SecDevLabs](../../../docs/CONTRIBUTING.md) section for guidelines on how to proceed! 🎉
 
+
+[GamesIRADOScom]: https://github.com/globocom/secDevLabs/tree/master/owasp-top10-2021-apps/a9/games-irados
+[secDevLabs]: https://github.com/globocom/secDevLabs
 [API-Version-Issue]: https://github.com/globocom/secDevLabs/blob/master/docs/api-version-issue.md
 [Flutter]: https://flutter.dev/docs/get-started/install
 [VS-Code-Flutter]: https://github.com/globocom/secDevLabs/blob/master/docs/installing-flutter.md
 [Docker Install]:  https://docs.docker.com/install/
 [Docker Compose Install]: https://docs.docker.com/compose/install/
+[these pull requests]:https://github.com/globocom/secDevLabs/pulls?q=is%3Apr+is%3Aclosed+label%3AM2-OWASP-2016+label%3A%22Cool+Games%22

owasp-top10-2016-mobile/m4/note-box/README.md

@@ -25,7 +25,7 @@ The main goal of this app is to discuss how **Insecure Authentication** vulnerab
 
 Before we start, it's important to mention that this app's code is divided into two parts: a back-end server, which can be found in the `server` folder, and the mobile app's code itself in the `mobile` folder. In order for the app to run as intended, the back-end server must be up and running, but no need to worry, we'll walk you through it! 😁
 
-To start this intentionally **insecure application**, you will need [Flutter][VS-Code-Flutter], [Docker][Docker Install] and [Docker Compose][Docker Compose Install]. After forking [secDevLabs](https://github.com/globocom/secDevLabs), you'll need to start the server, which can be done through the commands:
+To start this intentionally **insecure application**, you will need [Flutter][VS-Code-Flutter], [Docker][Docker Install] and [Docker Compose][Docker Compose Install]. After forking [secDevLabs][secDevLabs], you'll need to start the server, which can be done through the commands:
 
 ### Start server commands:
 
@@ -126,13 +126,15 @@ How would you mitigate this vulnerability? After your changes, an attacker shoul
 
 ## PR solutions
 
-[Spoiler alert 🚨] To understand how this vulnerability can be mitigated, check out [these pull requests](https://github.com/globocom/secDevLabs/pulls?q=is%3Apr+label%3A%22mitigation+solution+%F0%9F%94%92%22+label%3A%22Note+Box%22)!
+[Spoiler alert 🚨] To understand how this vulnerability can be mitigated, check out [these pull requests][these pull requests]!
 
 ## Contributing
 
 We encourage you to contribute to SecDevLabs! Please check out the [Contributing to SecDevLabs](../../../docs/CONTRIBUTING.md) section for guidelines on how to proceed! 🎉
 
+[secDevLabs]: (https://github.com/globocom/secDevLabs)
 [Flutter]: https://flutter.dev/docs/get-started/install
 [VS-Code-Flutter]: ../../../docs/installing-flutter.md
 [Docker Install]:  https://docs.docker.com/install/
 [Docker Compose Install]: https://docs.docker.com/compose/install/
+[these pull requests]:https://github.com/globocom/secDevLabs/pulls?q=is%3Apr+is%3Aclosed+label%3AM2-OWASP-2016+label%3A%22Cool+Games%22

owasp-top10-2016-mobile/m5/panda_zap/README.md

@@ -25,7 +25,7 @@ The main goal of this app is to discuss how **Insufficient Cryptography** vulner
 
 Before we start, it's important to mention that this app's code is divided into two parts: a back-end server, which can be found in the `server` folder, and the mobile app's code itself in the `mobile` folder. In order for the app to run as intended, the back-end server must be up and running, but no need to worry, we'll walk you through it! 😁
 
-To start this intentionally **insecure application**, you will need [Flutter][VS-Code-Flutter], [Docker][Docker Install] and [Docker Compose][Docker Compose Install]. After forking [secDevLabs](https://github.com/globocom/secDevLabs), you'll need to start the server, which can be done through the commands:
+To start this intentionally **insecure application**, you will need [Flutter][VS-Code-Flutter], [Docker][Docker Install] and [Docker Compose][Docker Compose Install]. After forking [secDevLabs][secDevLabs], you'll need to start the server, which can be done through the commands:
 
 ### Start server commands:
 
@@ -107,7 +107,7 @@ To enter the conversation, click the message bubble. After that, it's possible t
 
 ### 🔥
 
-If an attacker came into possession of the device and used the [Android Debug Bridge](https://developer.android.com/studio/command-line/adb) tool to communicate with it through a Unix shell, he could inspect how the app behaves and what it logs.
+If an attacker came into possession of the device and used the [Android Debug Bridge][Android Debug Bridge] tool to communicate with it through a Unix shell, he could inspect how the app behaves and what it logs.
 
 To begin, it is possible to list connected devices with the following command:
 
@@ -167,11 +167,11 @@ Having access to the app's log, it's possible to see that a certain key seems to
     <img src="images/key_in_logs.png"/>
 </p>
 
-Now in possession of the key and by having a look at the app's code, it's possible to see that a [Caesar Cipher](https://en.wikipedia.org/wiki/Caesar_cipher) encryption mechanism is being used.
+Now in possession of the key and by having a look at the app's code, it's possible to see that a [Caesar Cipher][Caesar Cipher] encryption mechanism is being used.
 
 In cryptography, a Caesar cipher is an encryption technique in which each letter is shifted by a fixed number of positions down the alphabet. Even though we appear to have what seems to be the shift value, logged as being the `key`, due to the fact of limited letters in the alphabet (25 in English), the cipher can easily be broken in a brute force attack.
 
-If an attacker were connected to the same network as someone using the app, it would be possible to capture and inspect the packets being transmitted using [Wireshark](https://www.wireshark.org/). To better narrow our search, we can filter for the port the app seems to be using, `11005`, as shown by the image below:
+If an attacker were connected to the same network as someone using the app, it would be possible to capture and inspect the packets being transmitted using [Wireshark][Wireshark]. To better narrow our search, we can filter for the port the app seems to be using, `11005`, as shown by the image below:
 
 <p align="center">
     <img src="images/wireshark_narrow_search.png"/>
@@ -198,7 +198,8 @@ How would you mitigate this vulnerability? After your changes, the app should no
 
 ## PR solutions
 
-[Spoiler alert 🚨] To understand how this vulnerability can be mitigated, check out [these pull requests](https://github.com/globocom/secDevLabs/pulls?q=is%3Apr+label%3A%22Panda+Zap%22+label%3A%22mitigation+solution+%F0%9F%94%92%22+)!
+[Spoiler alert 🚨] To understand how this vulnerability can be mitigated, check out [these pull requests][these pull requests]!
+
 
 ## Contributing
 
@@ -209,3 +210,8 @@ We encourage you to contribute to SecDevLabs! Please check out the [Contributing
 [VS-Code-Flutter]: https://github.com/globocom/secDevLabs/blob/master/docs/installing-flutter.md
 [Docker Install]:  https://docs.docker.com/install/
 [Docker Compose Install]: https://docs.docker.com/compose/install/
+[these pull requests]:https://github.com/globocom/secDevLabs/pulls?q=is%3Apr+is%3Aclosed+label%3AM2-OWASP-2016+label%3A%22Cool+Games%22
+[secDevLabs]: (https://github.com/globocom/secDevLabs)
+[Android Debug Bridge]: https://developer.android.com/studio/command-line/adb
+[Caesar Cipher]: https://en.wikipedia.org/wiki/Caesar_cipher
+[Wireshark]: https://www.wireshark.org/)

owasp-top10-2021-apps/a1/camplake-api/README.md

@@ -25,7 +25,7 @@ The main goal of this app is to discuss how **Broken Access Control** vulnerabil
 
 ## Setup
 
-To start this intentionally **insecure application**, you will need [Docker][Docker Install] and [Docker Compose][Docker Compose Install]. After forking [secDevLabs](https://github.com/globocom/secDevLabs), you must type the following commands to start:
+To start this intentionally **insecure application**, you will need [Docker][Docker Install] and [Docker Compose][Docker Compose Install]. After forking [secDevLabs][secDevLabs], you must type the following commands to start:
 
 ```sh
 cd secDevLabs/owasp-top10-2021-apps/a1/camp-lake-api

owasp-top10-2021-apps/a1/ecommerce-api/README.md

@@ -23,7 +23,7 @@ The main goal of this app is to discuss how **Broken Access Control** vulnerabil
 
 ## Setup
 
-To start this intentionally **insecure application**, you will need [Docker][docker install] and [Docker Compose][docker compose install]. After forking [secDevLabs](https://github.com/globocom/secDevLabs), you must type the following commands to start:
+To start this intentionally **insecure application**, you will need [Docker][docker install] and [Docker Compose][docker compose install]. After forking [secDevLabs][secDevLabs], you must type the following commands to start:
 
 ```sh
 cd secDevLabs/owasp-top10-2021-apps/a1/ecommerce-api
@@ -120,3 +120,4 @@ We encourage you to contribute to SecDevLabs! Please check out the [Contributing
 [app]: http://localhost:10005
 [secdevlabs]: https://github.com/globocom/secDevLabs
 [2]: https://github.com/globocom/secDevLabs/tree/master/owasp-top10-2017-apps/a5/ecommerce-api
+[secDevLabs]: https://github.com/globocom/secDevLabs

owasp-top10-2021-apps/a1/tictactoe/README.md

@@ -21,7 +21,7 @@ The main goal of this app is to discuss how **Broken Access Control** vulnerabil
 
 ## Setup
 
-To start this intentionally **insecure application**, you will need [Docker][docker install] and [Docker Compose][docker compose install]. After forking [secDevLabs](https://github.com/globocom/secDevLabs), you must type the following commands to start:
+To start this intentionally **insecure application**, you will need [Docker][docker install] and [Docker Compose][docker compose install]. After forking [secDevLabs][secDevLabs], you must type the following commands to start:
 
 ```sh
 
@@ -207,4 +207,5 @@ We encourage you to contribute to SecDevLabs! Please check out the [Contributing
 [docker compose install]: https://docs.docker.com/compose/install/
 [app]: http://localhost.:10005
 [secdevlabs]: https://github.com/globocom/secDevLabs
+[secDevLabs]: https://github.com/globocom/secDevLabs
 [2]: https://github.com/globocom/secDevLabs/tree/master/owasp-top10-2021-apps/a1/tictactoe

owasp-top10-2021-apps/a2/snake-pro/README.md

@@ -23,7 +23,7 @@ The main goal of this app is to discuss how **Cryptographic Failure** vulnerabil
 
 ## Setup
 
-To start this intentionally **insecure application**, you will need [Docker][docker install] and [Docker Compose][docker compose install]. After forking [secDevLabs](https://github.com/globocom/secDevLabs), you must type the following commands to start:
+To start this intentionally **insecure application**, you will need [Docker][docker install] and [Docker Compose][docker compose install]. After forking [secDevLabs][secDevLabs], you must type the following commands to start:
 
 ```sh
 cd secDevLabs/owasp-top10-2021-apps/a2/snake-pro
@@ -68,7 +68,7 @@ Additionally, the channel is being used by users to send their sensitive data is
 
 ### 🔥
 
-If the database is somehow exposed, all users' passwords will be leaked, as shown on these MongoDB documents. To view them, you can locally install [Robo 3T](https://robomongo.org/download) and use default credentials used in `config.yml`:
+If the database is somehow exposed, all users' passwords will be leaked, as shown on these MongoDB documents. To view them, you can locally install [Robo 3T][Robo 3T] and use default credentials used in `config.yml`:
 
 ```
 Database: snake_pro
@@ -118,3 +118,6 @@ We encourage you to contribute to SecDevLabs! Please check out the [Contributing
 [docker compose install]: https://docs.docker.com/compose/install/
 [app]: http://localhost:10003
 [dirb]: https://tools.kali.org/web-applications/dirb
+[Robo 3T]: https://robomongo.org/download
+[secDevLabs]: https://github.com/globocom/secDevLabs
+

owasp-top10-2021-apps/a3/comment-killer/README.md

@@ -27,7 +27,7 @@ The main goal of this app is to discuss how **Cross-Site Scripting** vulnerabili
 
 ## Setup
 
-To start this intentionally **insecure application**, you will need [Docker](https://docs.docker.com/get-docker/) and [Docker Compose](https://docs.docker.com/compose/install/). After forking [secDevLabs](https://github.com/globocom/secDevLabs), you must type the following commands to start:
+To start this intentionally **insecure application**, you will need [Docker][Docker] and [Docker Compose][Docker Compose]. After forking [secDevLabs][secDevLabs], you must type the following commands to start:
 
 ```bash
 cd secDevLabs/owasp-top10-2021-apps/a3/comment-killer
@@ -96,7 +96,7 @@ func handler(c echo.Context) error {
 }
 ```
 
-In order to start the API, the following command can be used (you should check this [guide](https://golang.org/doc/install) if you need any help with Golang):
+In order to start the API, the following command can be used (you should check this [guide][guide] if you need any help with Golang):
 
 ```sh
 go run main.go
@@ -157,3 +157,7 @@ We encourage you to contribute to SecDevLabs! Please check out the [Contributing
 [docker install]: https://docs.docker.com/install/
 [docker compose install]: https://docs.docker.com/compose/install/
 [app]: http://localhost:10007
+[Docker]: https://docs.docker.com/get-docker/
+[Docker Compose]: https://docs.docker.com/compose/install/
+[guide]: https://golang.org/doc/install
+[secDevLabs]: https://github.com/globocom/secDevLabs