Learn Web Hacking 1.00 Overview
Hi everyone,
In this article, I want to talk about web hacking. Web hacking is a very interesting topic because there are so many web sites today and it's a way to attack a company.
The first reference for website attacks is the OWASP top ten! https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
OWASP top ten is a free document made to spread awareness about the most critical security risk for the web applications. They update the top ten every few years so it stays up to date.
The top ten from 2017:
A1: Injection
Injection flaws happens when you can send untrusted data to the target so it executes unintended commands.
A2: Broken authentication
This flaw happens when the authentication and session management are implemented improperly.
A3: Sensitive data exposure
Some sensitive data (credit card numbers) are not encrypted properly in transit or in storage.
A4: XML external entities (XXE)
Poorly configured XML processors evaluate external entity within the XML documents. The attacker could include code inside the XML document to be evaluated and executed.
A5: Broken access control
The access control doesn't properly restrict the user so he can access unauthorized data.
A6: Security misconfiguration
Some insecure default configurations can lead to some flaws.
A7: Cross-site scripting (XSS)
XSS happens when the user can send untrustred data to the web application without the page validating the data or escaping unsafe characters.
A8: Insecure deserialization
This can lead to remote code execution.
A9: Using components with known vulnerabilities
Some libraries, framework, modules already have vulnerabilities that can be exploited to attack web applications.
A10: Insufficient logging and monitoring
This is the impossibility to detect a breach and react before it's too late.
In the next articles I will show you some of these attacks taht are very interesting like SQL injection, XSS and more!! If you want more information fell free to ask and check the OWASP website! https://www.owasp.org/index.php/Main_Page
The information provided on hacking is to be used for educational purpose only. The creator is in no way responsible for any misuse of the information provided. All the information provided is meant to help the reader develop a hacker defense attitude in order to prevent the attacks discussed. In no way should you use the information to cause any kind of damage directly or indirectly. The word "Hacking" should be regarded as "Ethical hacking". You implement the information given at your own risk
You should look at the OWASP Testing Guide. It is literally a guide on how to hack stuff and the procedure to follow. It is really fun to read:
https://www.owasp.org/images/1/19/OTGv4.pdf
Yes it's a very interesting and complete guide thx for sharing!!
Your welcome. Check this guide out too:
https://forum.bugcrowd.com/t/level-2017-discussion-jason-haddix-bug-hunters-methodology-v2/3048
Yes this guy made very nice talks about web hacking! He is a good reference!
You should try bugbounty hunting if you enjoy hacking. You ever tried your luck? I can post some more guides like this if you are interested.
Yes I would be interested in bug hunting! I know about Hackerone and Bugcrowd. I would be glad to know about some resources and tricks to be successful!
Seems like you post a lot of interesting topics about Cybersecurity :)
I am gonna follow you !
Thanks I will have more to come!
Your Post Has Been Featured on @Resteemable!
Feature any Steemit post using resteemit.com!
How It Works:
1. Take Any Steemit URL
2. Erase
https://
3. Type
re
Get Featured Instantly & Featured Posts are voted every 2.4hrs
Join the Curation Team Here | Vote Resteemable for Witness