Web app hacking
Tips and tricks
The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws, 2nd Edition
Security bugs are just bugs
Attack vs defense
Attackers
Defenders
Black box vs White box
White box
Black box
Recon, recon, recon
It is boring
But if you do it right...
Find the weakest spot
Hitting the target
Injections
Reflected XSS
Stored / Persistent XSS
Many other types of Injection
- SQL injection
- Bash injection
- LDAP injection
- XML injection
User login
Things to look at
- Check cookies
- Reset and remember me options
- LDAP injection
- Timing attacks
- User enumeration
JWT Vulnerability
File upload
Things to look at
- Serialisation and Deserialisation problems
- CSV injection
- Path traversal
- Remote code execution (PHP, JSP and etc)
CSRF
Access Controls
Things to look at
- Vertical privilege escalation
- Horizontal privilege escalation
- "Security through obscurity"
Hack the assumptions
