Recently, my friend Jeremy and I conducted a workshop on web security for students of the NUS Orbital programme. The aim was to educate these students on the most common vulnerabilities faced by web applications so that they will be able to develop their own secure web applications. To make the workshop more exciting, we decided to approach the topic from an offensive perspective. The topics that we covered include:
- Default/Weak Passwords
- SQL Injection
- Password Storage
- Command Injection
- Cross-site Request Forgeries
- Open Redirects
- Directory Traversal
- Local File Inclusion
- Insecure Objects
- Offensive Scripting with Python:
- Dictionary Attacks
- Brute-Forcing Attacks
- Automating SQLi with SQLMap
- Exploiting Git Directories on Web Servers
If you did not attend the workshop but would still like to learn about these topics, you may browse our presentation at https://docs.google.com/presentation/d/1xHuZVBDRyWEwbEy9E8z3HXwvF2ZXv57hnZpwBcOt6HQ/pub and our webcast from the following YouTube videos:
Comments
Post a Comment