Web Exploitation

Web App Exploits

  • Client-side exploits
    • XSS
    • CSRF
    • Client-side authentication and validation
    • Other...
  • Server-side exploits
    • Command injections
    • SQL injections
    • RCEs
    • SSRF
    • Server-side manipulations
    • Other...

Basic Web App Interaction

[Diagram: Client, Server, Request, Response]

Most interesting vuln w/ exploit

SSRF (Server-side request forgery)

[Diagram: Client, Internal Firewall, Secured Resources, Web App, Web App Resources]

Copy of Web Exploitation

By Ivan Zlatanov
