Web Application Security

Learning Resources

Learn more by checking out these great sites.

API Security 101 by Sadako

This talk covers the primary domains of API security, with notable examples of security flaws for each. The presenter also discusses some basic methodology for testing and fuzzing services by making educated guesses about how the backend actually works.

Access control vulnerabilities and privilege escalation

This article will discuss what access control security is, describe privilege escalation and the types of vulnerabilities that can arise with access control, and summarize how to prevent these vulnerabilities.

Authentication vulnerabilities

This article will look at some of the most common authentication mechanisms used by websites and discuss potential vulnerabilities in them. It highlights both inherent vulnerabilities in different authentication mechanisms, as well as some typical vulnerabilities that are introduced by their improper implementation. Finally, it provides basic guidance on how you can ensure that your own authentication mechanisms are as robust as possible.

Bugcrowd University - Broken Access Control Testing

Access control, sometimes called authorization, is how a web application grants access to content and functions to some users and not others. Learn how you can test for incorrect configuration of access control, which can result in web application security vulnerabilities.

Bugcrowd University - Cross Site Scripting (XSS)

Cross Site Scripting! XSS vulnerabilities are one of the most common bugs on the internet. This class of bug can be very powerful, especially when used with other vulnerabilities and techniques. Learn the history of XSS and what you can do with this vulnerability.

Bugcrowd University - GitHub Recon and Sensitive Data Exposure

This guide will help you to locate a targeted company’s GitHub repositories and identify any sensitive data that may be exposed within.

Bugcrowd University - Introduction to Burp Suite

This Burp Suite guide will help you get your software set up and teach you a methodology that will lead you to success. Hacking tools are powerful, but it's important you know how to properly use them to their full potential.

Bugcrowd University - Recon & Discovery

This module explores how to discover assets owned by a targeted company and the tools used to help identify them from a bug bounty hunting perspective.

Bugcrowd University - Server Side Request Forgery

Defined by OWASP: “In a Server-Side Request Forgery (SSRF) attack, the attacker can abuse functionality on the server to read or update internal resources.” This video will talk you through what SSRF is and how to use it for bug hunting.

Bugcrowd University - XML External Entity Injection

Learn about XML External Entity Injection in this YouTube video from Bugcrowd University. Defined by OWASP: “An XML External Entity attack is a type of attack against an application that parses XML input. This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser. This attack may lead to the disclosure of confidential data, denial of service, server side request forgery, port scanning from the perspective of the machine where the parser is located, and other system impacts.”

Bugcrowd University Lab Guide: Broken Access Control Testing

This resource walks through the setup of different labs to develop familiarity with Broken Access Control Testing. It covers two different open source projects: bWAPP and OWASP Security Shepherd.

Bugcrowd University Lab Guide: Cross Site Scripting

This lab guide will help you use the bWAPP project to practice Cross Site Scripting techniques.

Bugcrowd University – Advanced Burp Suite

This video from Bugcrowd University builds on the content in their Introduction to Burp Suite module. This resource will explore further configurations, functionality, and some extensions that will enable you to better utilize Burp Suite. The content is created by Bugcrowd Ambassador Jasmin Landry (jr0ch17).

Burp Suite Certified Practitioner

Advance your career and demonstrate your skills by becoming a Burp Suite Certified Practitioner. Prove your ability to detect and exploit common web vulnerabilities with the security testing software used by more than 50,000 security professionals worldwide. By becoming a Burp Suite Certified Practitioner, you will be able to demonstrate your web security testing knowledge and Burp Suite skills to the world.

Business logic vulnerabilities

This article introduces the concept of business logic vulnerabilities and explains how they can arise due to flawed assumptions about user behavior. It covers the potential impact of logic flaws and teaches you how they can be exploited.

Clickjacking (UI redressing)

This article will explain what clickjacking is, describe common examples of clickjacking attacks and discuss how to protect against these attacks.

Cross-origin resource sharing (CORS)

This article will explain what cross-origin resource sharing (CORS) is, describe some common examples of cross-origin resource sharing based attacks, and discuss how to protect against these attacks.

Cross-site request forgery (CSRF)

This article will explain what cross-site request forgery is, describe some examples of common CSRF vulnerabilities, and explain how to prevent CSRF attacks.

Cross-site scripting

This article will explain what cross-site scripting is, describe the different varieties of cross-site scripting vulnerabilities, and spell out how to find and prevent cross-site scripting.

DOM-based vulnerabilities

This article will describe what the DOM is, explain how insecure processing of DOM data can introduce vulnerabilities, and suggest how you can prevent DOM-based vulnerabilities on your websites.

Directory traversal

This article explains what directory traversal is, describes how to carry out path traversal attacks and circumvent common obstacles, and spells out how to prevent path traversal vulnerabilities.

HTTP Host header attacks

This article discusses how misconfigurations and flawed business logic can expose websites to a variety of attacks via the HTTP Host header. It outlines the high-level methodology for identifying websites that are vulnerable to HTTP Host header attacks and demonstrates how you can exploit this. It also provides some general guidance on how you can protect your own websites.

HTTP request smuggling

This article will explain HTTP request smuggling attacks and describe how common request smuggling vulnerabilities can arise.

Information disclosure vulnerabilities

This article will explain the basics of information disclosure vulnerabilities and describe how you can find and exploit them. It also provides some guidance on how you can prevent information disclosure vulnerabilities in your own websites.

Insecure deserialization

This article will cover what insecure deserialization is and describe how it can potentially expose websites to high-severity attacks. It will highlight typical scenarios and demonstrate some widely applicable techniques using concrete examples of PHP, Ruby, and Java deserialization. Finally, it also looks at some ways that you can avoid insecure deserialization vulnerabilities in your own websites.

OAuth 2.0 authentication vulnerabilities

While browsing the web, you've almost certainly come across sites that let you log in using your social media account. The chances are that this feature is built using the popular OAuth 2.0 framework. OAuth 2.0 is highly interesting for attackers because it is both extremely common and inherently prone to implementation mistakes. This can result in a number of vulnerabilities, allowing attackers to obtain sensitive user data and potentially bypass authentication completely.

OS command injection

This article will explain what OS command injection is, describe how vulnerabilities can be detected and exploited, spell out some useful commands and techniques for different operating systems, and summarize how to prevent OS command injection.

Offensive, Defensive, and Forensic Techniques for Determining Web User Identity

This course looks at web users from a few different perspectives. First, we look at identifying techniques to determine web user identities from a server perspective. Second, we look at obfuscating techniques from the perspective of a user who seeks to be anonymous. Finally, we look at forensic techniques that, given a hard drive or similar media, identify the users who accessed that server.

SQL injection

This article will explain what SQL injection is, describe some common examples, explain how to find and exploit various kinds of SQL injection vulnerabilities, and summarize how to prevent SQL injection.

Server-side request forgery (SSRF)

This article will explain what server-side request forgery is, describe some common examples, and explain how to find and exploit various kinds of SSRF vulnerabilities.

Server-side template injection

This article will discuss what server-side template injection is and outline the basic methodology for exploiting server-side template injection vulnerabilities. It also covers ways of making sure that your own use of templates doesn't expose you to server-side template injection.

Testing for WebSockets security vulnerabilities

This article will explain how to manipulate WebSocket messages and connections, describe the kinds of security vulnerabilities that can arise with WebSockets, and give some examples of exploiting WebSockets vulnerabilities.

Video Playlist: Offensive, Defensive, and Forensic Techniques for Determining Web User Identity

A YouTube playlist of the OpenSecurityTraining.info 'Web User Identity' course being delivered. This course looks at web users from a few different perspectives. First, we look at identifying techniques to determine web user identities from a server perspective. Second, we look at obfuscating techniques from the perspective of a user who seeks to be anonymous. Finally, we look at forensic techniques that, given a hard drive or similar media, identify the users who accessed that server.

Wargame: Natas

Natas teaches the basics of server-side web security. Each level has access to the password of the next level. Your job is to somehow obtain that next password and level up.

Web cache poisoning

This article talks about what web cache poisoning is and what behaviors can lead to web cache poisoning vulnerabilities. It also looks at some ways of exploiting these vulnerabilities and suggests ways you can reduce your exposure to them.

XML external entity (XXE) injection

This article will explain what XML external entity injection is, describe some common examples, explain how to find and exploit various kinds of XXE injection, and summarize how to prevent XXE injection attacks.