Posts

Showing posts from March, 2017

Install Self Signed Certificate for a domain for 10 years

Things that you need to install the certificate:

Key
CSR (Certificate Signing Request)
Certificate

Here we can create these files with the openssl command. This can be done from anywhere; it is not necessary to run these commands on the server where the domain is hosted. I usually do this on my local machine. My example domain is myxyz.com

Creating the Key
############
# openssl genrsa -out myxyz-key.pem 2048

Note: To create a more secure key, replace 2048 with 4096.
The key file can have any name, but the extension should be .pem

Creating the CSR
############
# openssl req -new -sha256 -key myxyz-key.pem -out myxyz.csr

Note: The key filename must be given after the -key option. This command will create a CSR file named myxyz.csr
This command will ask for a few options, and you can see what I have given for a test case.

====================================
jino@loc

Python Operator Precedence(From Highest to Lowest)

OWASP TOP 10 Application Security Risks - 2013

The primary aim of the OWASP Top 10 is to educate developers, designers, architects, managers, and organizations about the consequences of the most important web application security weaknesses. The Top 10 provides basic techniques to protect against these high-risk problem areas – and also provides guidance on where to go from here.

Injection
Cross Site Scripting (XSS)
Cross Site Request Forgery (CSRF)
Exposure of Sensitive Data
Security Misconfiguration
Using Components with Known Vulnerabilities
Unvalidated Redirects and Forwards
Broken Authentication and Session Management
Insecure Direct Object References
Missing Function Level Access Control

1) Injection
Injection flaws, such as SQL, OS, and LDAP injection, occur when untrusted data is sent to an interpreter as part of a command or query. The attacker’s hostile data can trick the interpreter into executing unintended commands or accessing data without proper authorization.

2) Cross Site Scripting (XSS)
XS