September 8, 2016

Web Exploitation 102

This time server-side attacks are covered in depth, along with the OWASP Top 10. We cover broken authentication and/or session management, the category of security misconfiguration, insecure direct object referencing, targeting admins and user functions with cross-site request forgery (CSRF), and similar functionality-level access control vulnerabilities, directory traversal, and finally SQL injection (SQLi). Metacharacter injection is revisited, as it encompasses almost all of these techniques in practice and presents a straightforward model for approaching the diverse attack surface of web applications. SQLi is covered in depth, with several walkthroughs and techniques (in-band error-based, in-band union-based, second-order in-band injection, partial blind, full blind, and more). We discuss SQLi discovery, fingerprinting, filter or restriction enumeration, table mapping, and finally data extraction. Defenses such as prepared statements and encoding are covered. Several SQLi defense bypasses are discussed.

[ Slides ] [ Homework ] [ Discussion ]

Interested in having your homework graded? Contact us to learn about grading options. The release schedule for this course is available here.
