This workshop will help you understand how to think about security when building kick-ass stuff that runs on the internet.
The purpose of this lesson is to give you a brief introduction to how you should think about security when developing your own stuff. We have prepared a vulnerable web application which you will run on your own PC. Through the various exercises we will go through many of the top web security problems and demonstrate each of them in our vulnerable application.
- Browser: Chrome
- Code editor: Visual Studio Code
- Some knowledge about web app development and basic web technologies like HTML and HTTP is helpful
- Start by cloning this repository into a folder on your computer. If you've never used git before, you can alternatively use the "Download ZIP" button to the right.
- Although you have this README file on your computer it's easier to read it on GitHub, so we recommend you keep this page open with the exercise tasks.
This is an application that is written with the worst possible practices. Do not use anything here as an example for anything.
You can assume that you have access to the application's source code, but not to its data, when you are exploiting the vulnerabilities.
You might find vulnerabilities that are not specified. Feel free to be creative in your exploitive adventures.
This repository contains a set of exercises organized in folders. Each folder contains a README.md describing the exercise.
- Exercise 1 - Up and running
- Exercise 2 - Injection - Reflected XSS
- Exercise 3 - Injection - SQL Injection
- Exercise 4 - Injection - Persisted XSS
- Exercise 5 - Parameter tampering with XSS
- Exercise 6 - Injection - SQL Injection continued
- Exercise 7 - Bonus exercises
✏️ - A task you should do
📖 - A section of text to read (no tasks, just information).
💡 - Additional information.
❗ - Something important.
❓ - Open-ended question for the reader ("What do you think would happen if...")
💩 - Bad practice (don't-do-this)
⭐ - A bonus task (not required)
Key combinations will look like this:
CTRL + ALT + C
Diff-style blocks emphasize how lines of text should change:
```diff
- this text was removed
+ and replaced with this text
```