[ Hacker Night School ] :: CSRF

OWASP

Cross Site Request Forgery

CSRF is a very specialized form of XSS. It relies on the victim being logged into a site, so the attacker can make a false request – to drain the victim’s bank account, for instance.

Where to Learn

First, read this OWASP presentation: http://repository.root-me.org/Exploitation%20-%20Web/EN%20-%20OWASP%20Cross-site%20Request%20Forgery%20CSRF.pdf

Next, webpwnized is your friend. Watch these …

[ Auditing With OWASP ] :: [ Class 2: Injection ]

OWASP

Vulnerability A1: Injection

Remember to get the OWASP Proactive Controls for Developers: https://www.owasp.org/images/b/bc/OWASP_Top_10_Proactive_Controls_V3.pdf

Practice and Process

Open a browser tab to: https://www.owasp.org/index.php/OWASP_Testing_Guide_v4_Table_of_Contents

Once you are there, do a search in the page to highlight all occurrences of injection. Scroll down to the HTML and CSS injections. Open and read those sections. See this video on …

[ Auditing With OWASP ] :: [ Class 1: Beginning ]

OWASP

The OWASP Top Ten Project

First, see the wiki entry on the project at: https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project

The Top Ten proper: https://www.owasp.org/images/7/72/OWASP_Top_10-2017_%28en%29.pdf.pdf (yes really).

While you’re at it, get the Testing Checklist: https://www.owasp.org/index.php/Testing_Checklist

You’ll need the OWASP Proactive Controls for Developers: https://www.owasp.org/images/b/bc/OWASP_Top_10_Proactive_Controls_V3.pdf

Assignments

Install the FoxyProxy plugin in Firefox. Download and set up Burp Suite. Configure FoxyProxy …