5️⃣5 - Web App Security

Topics

Web App Concepts

1. HTTP/S Protocol Basics

2. Encoding

3. Same Origin

4. Cookies

5. Session

6. Web Application Proxies

Web Basics

• ​Web Application Basics​

• ​Web Apps Tools of Trade

Practise

🔬 There are many vulnerable testing web apps like:

• ​Juice Shop - Kali Install​

• ​DVWA - Kali Install​

• ​bWAPP​

• ​Mutillidae II

DVWA

The Damn Vulnerable Web Application (DVWA) is a web application built with PHP and MySQL intentionally designed to be susceptible to security vulnerabilities. Its primary purpose is to serve as a resource for security professionals to assess their skills and tools within a legal context. Additionally, it aids web developers in gaining a deeper understanding of the processes involved in securing web applications and facilitates learning about web application security for both students and teachers in a controlled classroom setting.

DVWA is designed to provide a platform for practicing various common web vulnerabilities at different difficulty levels, all presented through a simple and user-friendly interface. It's important to note that there are deliberate both documented and undocumented vulnerabilities within the software, encouraging users to explore and identify as many issues as possible.

GitHub - digininja/DVWA: Damn Vulnerable Web Application (DVWA)GitHub

DVWA - My Writeups

DVWAWriteups and Walkthroughs

Theory and Lab platform

All labs | Web Security AcademyWebSecAcademy

❗ Disclaimer

• Never use tools and techniques on real IP addresses, hosts or networks without proper authorization!