mkdocs.yml

site_name: OWASP shepherd 学习笔记
site_description: OWASP shepherd 学习笔记，专注对 owasp shepherd 中文翻译，漏洞源代码学习，让开发和测试同学真正理解安全漏洞，提高安全意识，打造安全的系统
site_author: anquanbiji.com
copyright:  ©Copyright 2021 - 安全笔记 小组 - 专注安全防御解决方案 - <a href="http://anquanbiji.com" target="_blank"><strong>安全笔记网站</strong></a> 
use_directory_urls: false
repo_name: anquanbiji/owasp-shepherd-cn-code
repo_url: https://github.com/anquanbiji/owasp-shepherd-cn-code


theme:
  name: material
  language: zh
  features:

  - navigation.top   # 回到顶端
  - content.code.annotate

# 访问统计
extra_javascript:
    - '//busuanzi.ibruce.info/busuanzi/2.3/busuanzi.pure.mini.js'
    
# 第三方评论
#extra:
#  disqus: 'something'


markdown_extensions:
  - admonition
  - abbr
  - attr_list
  - def_list
  - footnotes
  - meta
  - md_in_html
  - toc:
      permalink: true
  - pymdownx.arithmatex:
      generic: true
  - pymdownx.betterem:
      smart_enable: all
  - pymdownx.caret
  - pymdownx.details
  - pymdownx.emoji:
      emoji_index: !!python/name:materialx.emoji.twemoji
      emoji_generator: !!python/name:materialx.emoji.to_svg
  - pymdownx.highlight
  - pymdownx.inlinehilite
  - pymdownx.keys
  - pymdownx.magiclink:
      repo_url_shorthand: true
      user: squidfunk
      repo: mkdocs-material
  - pymdownx.mark
  - pymdownx.smartsymbols
  - pymdownx.superfences:
      custom_fences:
        - name: mermaid
          class: mermaid-experimental
          format: !!python/name:pymdownx.superfences.fence_code_format
  - pymdownx.tabbed
  - pymdownx.tasklist:
      custom_checkbox: true
  - pymdownx.tilde
  

      
nav:
    - shepherd 项目介绍: index.md
    - shepherd CN 介绍: security_qa.md
    - 学前基础知识: http_proxy.md 
    #- 学员范围:
    #   - 企业内部安全培训: enterprise_security_developer_taining.md 
    #   - 安全开发测试教程 : enterprise_security_developer_taining.md 
    - web漏洞学习笔记: 
        - 基础等级(Field Training)课程:
            - Insecure Direct Object References(不安全的直接对象引用): vul/insecure-derect-object-references.md 
            - Poor Data Validation(失效的数据验证): vul/poor-data-validation.md 
            - Security Misconfiguration(安全配置错误): vul/security-misconfiguration.md 
            - Broken Authentication and Session Management(失效的身份认证和会话管理): vul/Broken-Authentication-and-Session-Management.md
            - Failure to Restrict URL Access(没有限制URL访问): vul/Failure-to-Restrict-URL-Access.md 
            - Cross Site Scripting(跨站脚本攻击): vul/Cross-Site-Scripting.md
            - Cross Site Scripting One(跨站脚本攻击 1): vul/Cross-Site-Scripting-One.md
        - 列兵等级(Private)课程:
            - Insecure Cryptographic Storage(不安全的加密存储): vul/Insecure-Cryptographic-Storage.md
            - SQL Injection Lesson(SQL 注入): vul/SQL-Injection-Lesson.md
            - Insecure Cryptographic Storage Challenge 1(不安全的加密存储 1): vul/Insecure-Cryptographic-Storage-Challenge-1.md 
            - Insecure Direct Object References Challenge One(不安全的直接对象引用 1):  vul/Insecure-Direct-Object-References-Challenge-One.md
            - Poor Validation One(失效的数据认证 1): vul/Poor-Validation-One.md
            - SQL Injection Challenge One(SQL 注入 1): vul/SQL-Injection-Challenge-One.md 
            - Session Management Challenge One(会话管理 1): vul/Session-Management-Challenge-One.md
            - Failure To Restrict URL Access Challenge 1(没有限制URL访问 1): vul/Failure-To-Restrict-URL-Access-Challenge-1.md
            - Cross-Site Request Forgery(跨站请求伪造): vul/Cross-Site-Request-Forgery.md
        - 下士等级(Corporal)课程:
            - Unvalidated Redirects and Forwards(未验证的重定向和转发): vul/Unvalidated-Redirects-and-Forwards.md
            - SQL Injection Challenge Two(SQL注入挑战 2): vul/SQL-Injection-Challenge-Two.md
            - SQL Injection Escaping Challenge(SQL 注入转义): vul/SQL-Injection-Escaping-Challenge.md 
        - 中士等级(Sergeant)课程:
            - Session Management Challenge Two(会话管理 2): vul/Session-Management-Challenge-Two.md 
            - Cross Site Request Forgery Challenge One(跨站请求伪造 (CSRF) 1): vul/Cross-Site-Request-Forgery-Challenge-One.md
            - Session Management Challenge Three(会话管理 3): vul/Session-Management-Challenge-Three.md
            - Cross Site Scripting Two(跨站脚本攻击 2): vul/Cross-Site-Scripting-Two.md
            - Insecure Cryptographic Storage Challenge 2(不安全加密存储 2): vul/Insecure-Cryptographic-Storage-Challenge-2.md
            - Insecure Direct Object References Challenge Two(不安全的直接对象引用 2): vul/Insecure-Direct-Object-References-Challenge-Two.md 
            - Cross Site Scripting 3(跨站脚本 (XSS)3): vul/Cross-Site-Scripting-3.md 
        - 中尉等级(Lieutenant)课程:
            - Insecure Direct Object Reference Bank Challenge(银行不安全的直接对象引用): vul/Insecure-Direct-Object-Reference-Bank-Challenge.md 
            - SQL Injection Challenge Three(SQL 注入 3 ): vul/SQL-Injection-Challenge-Three.md
        - 少校等级(major)课程:
            - Session Management Challenge Four(会话管理 4): vul/Session-Management-Challenge-Four.md 
            - Cross Site Scripting 4(跨站脚本攻击 4): vul/Cross-Site-Scripting-4.md
            - SQL Injection 4(SQL 注入 4): vul/SQL-Injection-4.md 
            - Insecure Cryptographic Storage Challenge 3(不安全加密存储 3): vul/Insecure-Cryptographic-Storage-Challenge-3.md 
            - Poor Validation Two(失效的数据验证 2): vul/Poor-Validation-Two.md
            - Failure to Restrict URL Access Challenge 2(没有限制URL访问 2): vul/Failure-to-Restrict-URL-Access-Challenge-2.md
            - Cross Site Scripting 5(跨站脚本攻击 5): vul/Cross-Site-Scripting-5.md
        - 上将等级(admiral)课程:
            - SQL Injection Challenge 5(SQL 注入 5): vul/SQL-Injection-Challenge-5.md 
            - SQL Injection Stored Procedure Challenge(SQL 注入储存程序): vul/SQL-Injection-Stored-Procedure-Challenge.md 
            - Cross Site Scripting Six(跨站脚本攻击 6): vul/Cross-Site-Scripting-Six.md 
            - SQL Injection Challenge 6(SQL 注入 6): vul/SQL-Injection-Challenge-6.md 
            - Session Management Challenge Five(会话管理 5): vul/Session-Management-Challenge-Five.md
            - Failure to Restrict URL Access Challenge 3(没有限制URL访问 3): vul/Failure-to-Restrict-URL-Access-Challenge-3.md 
            - Session Management Challenge Six(会话管理 6): vul/Session-Management-Challenge-Six.md 
            - Session Management Challenge Seven(会话管理 7): vul/Session-Management-Challenge-Seven.md 
            - SQL Injection Challenge 7(SQL 注入 7): vul/SQL-Injection-Challenge-7.md 
    - 移动漏洞学习笔记:
        - 列兵等级(Private)课程: 
            - Insecure Data Storage(移动不安全的数据存储): vul/app/Insecure-Data-Storage.md
            - Mobile Reverse Engineering(移动逆向工程): vul/app/Mobile-Reverse-Engineering.md
            - Unintended Data Leakage(移动数据意外泄漏): vul/app/Unintended-Data-Leakage.md
            - Content Provider Leakage(内容提供者泄漏): vul/app/Content-Provider-Leakage.md 
        - 下士等级(Corporal)课程:
            - Reverse Engineering 1(逆向工程 1): vul/app/Reverse-Engineering-1.md 
            - Client Side Injection(移动客户端注入): vul/app/Client-Side-Injection.md 
            - Poor Authentication(失效的身份认证): vul/app/Poor-Authentication.md 
            - Broken Crypto(失效的加密): vul/app/Broken-Crypto.md
            - Mobile Reverse Engineer 2(逆向工程 2): vul/app/Mobile-Reverse-Engineer-2.md
        - 中士等级(Sergeant)课程:    
            - Mobile Insecure Data Storage 1(不安全的数据存储 1): vul/app/Mobile-Insecure-Data-Storage-1.md
            - Mobile Broken Crypto 1(失效加密 1): vul/app/Mobile-Broken-Crypto-1.md 
            - Mobile Reverse Engineer 3(逆向工程 3): vul/app/Mobile-Reverse-Engineer-3.md
            - Mobile Insecure Data Storage 2(不安全的数据存储 2): vul/app/Mobile-Insecure-Data-Storage-2.md
      
    - 联系我们: contact.md
    - 后记:
        - 漏洞列表: vullist.md
        - 安全开发基础知识: security_develop_taining.md
        - 企业面向研发的安全培训: enterprise_security_developer_taining.md 
        - 安全测试QA版: qa_taining.md 
        - 专业安全测试人员: securityer_taining.md