Web Application Security

Learn all about Web Application Security with great learning resources from videos to articles to complete training courses.

Online Training

Bugcrowd University Lab Guide: Broken Access Control Testing

This resource walks through the setup of different labs to develop familiarity with Broken Access Control testing. It covers two open source projects: bWAPP and OWASP Security Shepherd.

Bugcrowd University Lab Guide: Cross Site Scripting

This lab guide will help you use the bWAPP project to practice Cross Site Scripting techniques.

Offensive, Defensive, and Forensic Techniques for Determining Web User Identity

This course looks at web users from a few different perspectives. First, we look at techniques for determining web user identities from a server perspective. Second, we look at obfuscation techniques used by a user who seeks to be anonymous. Finally, we look at forensic techniques for identifying, from a hard drive or similar media, the users who accessed that server.

Wargame: Natas

Natas teaches the basics of server-side web security. Each level has access to the password of the next level. Your job is to somehow obtain that next password and level up.

Access control vulnerabilities and privilege escalation

This article will discuss what access control security is, describe privilege escalation and the types of vulnerabilities that can arise with access control, and summarize how to prevent these vulnerabilities.

Authentication vulnerabilities

This article will look at some of the most common authentication mechanisms used by websites and discuss potential vulnerabilities in them. It highlights both inherent vulnerabilities in different authentication mechanisms, as well as some typical vulnerabilities that are introduced by their improper implementation. Finally, it provides basic guidance on how you can ensure that your own authentication mechanisms are as robust as possible.

Burp Suite Certified Practitioner

Advance your career and demonstrate your skills by becoming a Burp Suite Certified Practitioner. Prove your ability to detect and exploit common web vulnerabilities with the security testing software used by more than 50,000 security professionals worldwide. By becoming a Burp Suite Certified Practitioner, you will be able to demonstrate your web security testing knowledge and Burp Suite skills to the world.

Business logic vulnerabilities

This article introduces the concept of business logic vulnerabilities and explains how they can arise from flawed assumptions about user behavior. It covers the potential impact of logic flaws and teaches you how they can be exploited.

Clickjacking (UI redressing)

This article will explain what clickjacking is, describe common examples of clickjacking attacks and discuss how to protect against these attacks.

Cross-origin resource sharing (CORS)

This article will explain what cross-origin resource sharing (CORS) is, describe some common examples of cross-origin resource sharing based attacks, and discuss how to protect against these attacks.

Cross-site request forgery (CSRF)

This article will explain what cross-site request forgery is, describe some examples of common CSRF vulnerabilities, and explain how to prevent CSRF attacks.

Cross-site scripting

This article will explain what cross-site scripting is, describe the different varieties of cross-site scripting vulnerabilities, and spell out how to find and prevent cross-site scripting.

Directory traversal

This article explains what directory traversal is, describes how to carry out path traversal attacks and circumvent common obstacles, and spells out how to prevent path traversal vulnerabilities.

HTTP Host header attacks

This article discusses how misconfigurations and flawed business logic can expose websites to a variety of attacks via the HTTP Host header. It outlines the high-level methodology for identifying websites that are vulnerable to HTTP Host header attacks and demonstrates how you can exploit this. It also provides some general guidance on how you can protect your own websites.

DOM-based vulnerabilities

This article will describe what the DOM is, explain how insecure processing of DOM data can introduce vulnerabilities, and suggest how you can prevent DOM-based vulnerabilities on your websites.

HTTP request smuggling

This article will explain HTTP request smuggling attacks and describe how common request smuggling vulnerabilities can arise.

Information disclosure vulnerabilities

This article will explain the basics of information disclosure vulnerabilities and describe how you can find and exploit them. It also provides some guidance on how you can prevent information disclosure vulnerabilities in your own websites.

Insecure deserialization

This article will cover what insecure deserialization is and describe how it can potentially expose websites to high-severity attacks. It will highlight typical scenarios and demonstrate some widely applicable techniques using concrete examples of PHP, Ruby, and Java deserialization. Finally, it also looks at some ways that you can avoid insecure deserialization vulnerabilities in your own websites.

OAuth 2.0 authentication vulnerabilities

While browsing the web, you've almost certainly come across sites that let you log in using your social media account. The chances are that this feature is built using the popular OAuth 2.0 framework. OAuth 2.0 is highly interesting for attackers because it is both extremely common and inherently prone to implementation mistakes. This can result in a number of vulnerabilities, allowing attackers to obtain sensitive user data and potentially bypass authentication completely.

OS command injection

This article will explain what OS command injection is, describe how vulnerabilities can be detected and exploited, spell out some useful commands and techniques for different operating systems, and summarize how to prevent OS command injection.

Server-side template injection

This article will discuss what server-side template injection is and outline the basic methodology for exploiting server-side template injection vulnerabilities. It also covers ways of making sure that your own use of templates doesn't expose you to server-side template injection.

Web cache poisoning

This article talks about what web cache poisoning is and what behaviors can lead to web cache poisoning vulnerabilities. It also looks at some ways of exploiting these vulnerabilities and suggests ways you can reduce your exposure to them.

Server-side request forgery (SSRF)

This article will explain what server-side request forgery is, describe some common examples, and explain how to find and exploit various kinds of SSRF vulnerabilities.

SQL injection

This article will explain what SQL injection is, describe some common examples, explain how to find and exploit various kinds of SQL injection vulnerabilities, and summarize how to prevent SQL injection.

Testing for WebSockets security vulnerabilities

This article will explain how to manipulate WebSocket messages and connections, describe the kinds of security vulnerabilities that can arise with WebSockets, and give some examples of exploiting WebSockets vulnerabilities.

XML external entity (XXE) injection

This article will explain what XML external entity injection is, describe some common examples, explain how to find and exploit various kinds of XXE injection, and summarize how to prevent XXE injection attacks.

API Security 101 by Sadako

This talk covers the primary domains of API security, with notable examples of security flaws for each. The presenter also discusses some basic methodology for testing and fuzzing services by making educated guesses about how the backend actually works.

Bugcrowd University - Broken Access Control Testing

Access control, sometimes called authorization, is how a web application grants access to content and functions to some users and not others. Learn how you can test for incorrect configuration of access control that can result in web application security vulnerabilities.

Bugcrowd University - Cross Site Scripting (XSS)

Cross Site Scripting! XSS vulnerabilities are one of the most common bugs on the internet. This class of bug can be very powerful, especially when used with other vulnerabilities and techniques. Learn the history of XSS and what you can do with this vulnerability.

Bugcrowd University - GitHub Recon and Sensitive Data Exposure

This guide will help you to locate a targeted company’s GitHub repositories and identify any sensitive data that may be exposed within.

Bugcrowd University – Advanced Burp Suite

This video from Bugcrowd University builds on the content in their Introduction to Burp Suite module. This resource explores further configurations, functionality, and some extensions that will enable you to better utilize Burp Suite. The content is created by Bugcrowd Ambassador Jasmin Landry (jr0ch17).

Bugcrowd University - Introduction to Burp Suite

This Burp Suite guide will help you get your software set up and teach you a methodology that will lead you to success. Hacking tools are powerful, but it's important that you know how to use them properly and to their full potential.

Bugcrowd University – Recon & Discovery

This module explores how to discover assets owned by a targeted company and the tools used to help identify them from a bug bounty hunting perspective.

Bugcrowd University – Server Side Request Forgery

Defined by OWASP: “In a Server-Side Request Forgery (SSRF) attack, the attacker can abuse functionality on the server to read or update internal resources.” This video will talk you through what SSRF is and how to use it for bug hunting.

Bugcrowd University – XML External Entity Injection

Learn about XML External Entity Injection in this YouTube video from Bugcrowd University. Defined by OWASP: “An XML External Entity attack is a type of attack against an application that parses XML input. This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser. This attack may lead to the disclosure of confidential data, denial of service, server side request forgery, port scanning from the perspective of the machine where the parser is located, and other system impacts.”

Video Playlist: Offensive, Defensive, and Forensic Techniques for Determining Web User Identity

A YouTube playlist of the OpenSecurityTraining.info 'Web User Identity' course being delivered. This course looks at web users from a few different perspectives. First, we look at techniques for determining web user identities from a server perspective. Second, we look at obfuscation techniques used by a user who seeks to be anonymous. Finally, we look at forensic techniques for identifying, from a hard drive or similar media, the users who accessed that server.