Welcome to Practical Demonstration of Web Application Hacking. Here we are going to learn about various web vulnerabilities, how to hunt for them on a target, and how to exploit them.
Before we begin to hunt we should choose a target that is in scope. Here we are going to choose the OWASP (Open Web Application Security Project) Juice Shop project as our target, which is an insecure web application.
When we hunt, it’s important to look at every target in its own right. We are going to look at the OWASP Juice Shop. In this demonstration you…
IDOR: Insecure Direct Object Reference
These types of vulnerabilities arise from access control issues. We will devote another entire chapter to those types of vulnerabilities. The term IDOR was made popular by appearing in the OWASP Top 10, but in reality it’s simply another type of Broken Access Control issue. IDORs can manifest as both horizontal and vertical privilege escalation. To speak of an IDOR, the following conditions have to be met:
AWS has been gaining traction in recent years as an all-in-one cloud solution. Its strength is that you only pay for what you run and that you can scale really quickly in case of a spike in traffic. Recently, for example, Lambdas have been taking over, but this is not without risk. A Lambda can be spun up quickly to catch any traffic spike. The problem is that this is new technology and it is often misconfigured, which allows attackers to run a company’s bill sky-high.
We need protection from these mistakes but we also cannot trade in…
I’ve been asked how to use knoxss at least 10 times a week for the past weeks, so instead of repeating myself, I thought it would be a good idea to write an article. I’ll be explaining what knoxss is, how it works and how others work. I’ll be giving you a comprehensive guide.
First of all we need to ensure we can install this application. There are two ways to get there, but the easiest way should be to use Docker. We need to install Docker itself first, but that should just be 2 simple commands: the first one removes old installations of Docker and the next command installs Docker itself.
sudo apt-get remove docker docker-engine docker.io
sudo apt install docker.io
To start up Docker we can issue the following command:
sudo systemctl start docker
And to make sure Docker always starts when Linux boots we can issue the…
For the issue type “Broken authentication” there are many things that can go wrong, but I wanted to show you that broken authentication
To start with, we will need to set up a virtual environment. This is a place where we can install…
For the issue type “Mass assignment” the UI displays only the following fields in your account settings:
Mass assignment is when objects have certain properties, like “userType”, that are bound to the user object but not used in the UI per se, or even in the API request. The user might have to guess them, but I wanted to teach with this assignment so guessing is kept to a minimum.
There’s not a lot of information out there on business logic vulnerabilities. I challenge you to try it: go to Google right now and search “business logic vulnerabilities”. You will find a very good article on it from PortSwigger and one from OWASP, but they are very limited and don’t explain the concepts very well in my opinion. Today I’m going to talk to you about logic: what it is, how it can go wrong and how we can test for logic issues. …
For the issue type “Information disclosure” I wanted to give you guys an example, since it does not seem to be very well understood what data counts as sensitive and what can be disclosed as public information.
A WAF can be purchased or downloaded as an open source firewall, but it can equally come in hardware form. The way we configure our WAF often determines how well it keeps attackers out, so today I would like to go over some of the features that a WAF can have, to hopefully give you a better understanding of how you should configure yours or how you should approach the WAF you are currently facing. Configuring a WAF for stricter inspection might be wanted, but we have to realise this increases the processing time of a request.
We can install…