Web Exploitation

Web App Exploits

  • Client-side exploits
    • XSS
    • CSRF
    • Client-side authentication and validation
    • Other...
  • Server-side exploits
    • Command injections
    • SQL injections
    • RCEs
    • SSRF
    • Server-side manipulations
    • Other...

Basic Web App Interaction

[Diagram: Client sends a Request to the Server; the Server returns a Response]

Most interesting vulnerability, with exploit

SSRF (Server-side request forgery)

[Diagram: SSRF topology with a Client, the Web App and its Web App Resources, an Internal Firewall, and Secured Resources]

By Ivan Zlatanov
