This repository contains a series of projects aimed at beginners interested in learning about web security concepts and techniques. Each project focuses on a specific vulnerability or attack scenario and provides step-by-step instructions on how to identify, exploit, and mitigate the associated risks.
- Identifying and Exploiting SQL Injection Vulnerabilities using bWAPP
  - Introduction: Learn how to identify and exploit SQL injection vulnerabilities using the bWAPP web application.
  - Pre-requisites: Basic understanding of web applications and SQL.
  - Lab Set-up: Install bWAPP and Burp Suite, configure database connections.
  - Exercises: Identify SQL injection vulnerabilities, craft injection payloads, and mitigate the risks.
- Detecting and Mitigating Cross-Site Scripting (XSS) using bWAPP
  - Introduction: Explore cross-site scripting vulnerabilities and their impact on web applications.
  - Pre-requisites: Basic knowledge of HTML, JavaScript, and web security concepts.
  - Lab Set-up: Set up bWAPP and Burp Suite environments for testing XSS vulnerabilities.
  - Exercises: Identify reflected and stored XSS vulnerabilities, exploit them, and implement mitigation techniques.
- Testing for Cross-Site Request Forgery (CSRF) Vulnerabilities using Google Gruyere
  - Introduction: Understand Cross-Site Request Forgery vulnerabilities and their implications.
  - Pre-requisites: Familiarity with web application security concepts and HTTP requests.
  - Lab Set-up: Set up Google Gruyere and Burp Suite environments for testing CSRF vulnerabilities.
  - Exercises: Identify CSRF vulnerabilities, exploit them to perform unauthorized actions, and implement mitigation strategies.
- Finding and Exploiting Command Injection Flaws using DVWA
  - Introduction: Explore command injection vulnerabilities and their potential impact on web servers.
  - Pre-requisites: Basic understanding of web applications and command line interfaces.
  - Lab Set-up: Install DVWA and Burp Suite, configure environments for testing command injection vulnerabilities.
  - Exercises: Identify command injection vulnerabilities, execute arbitrary commands, and implement mitigation measures.
- Exploring File Inclusion Vulnerabilities using bWAPP
  - Introduction: Learn about file inclusion vulnerabilities and their significance in web security.
  - Pre-requisites: Understanding of web application concepts and server-side scripting languages.
  - Lab Set-up: Set up bWAPP and Burp Suite environments to test file inclusion vulnerabilities.
  - Exercises: Identify local and remote file inclusion vulnerabilities, exploit them to access sensitive files, and implement safeguards.