KVRA : 001
Title : hacker101
Author : Ly Marolin
Status : Active
Create : 16th Sep 2020
Update : 16th Sep 2020
Version : NA
hacker101 is a free class for web security, whether you're a programmer with an interest in bug bounties or a seasoned security professional.
details - [https://www.hacker101.com/]
Cody Brocious is the lead of the class.
goals
1. how to defend and think as an attacker.
2. tools
3. reflected XSS example

    <?php
    // Deliberately vulnerable: the name parameter is echoed without escaping.
    if (isset($_GET['name'])) {
        echo "Hello {$_GET['name']}!";
    }
    ?>
    Enter your name: <input type="input" name="name">

tutorial - [https://www.youtube.com/watch?v=zPYfT9azdK8&list=PLxhvVyxYRviZd1oEA9nmnilY3PhVrt4nj&index=1]
in this session we focus on the concepts of the web and how they affect security: HTTP, HTML parsing, cookies, etc.
tutorial - [https://www.youtube.com/watch?v=DWBUQiaN5ZM&list=PLxhvVyxYRviZd1oEA9nmnilY3PhVrt4nj&index=2]
cross-site scripting (XSS) : learn how to identify and prevent script injections & attacks.
tutorials - [https://www.youtube.com/watch?v=HGaFCcWM57U&list=PLxhvVyxYRviZd1oEA9nmnilY3PhVrt4nj&index=3]
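
The reflected XSS snippet from the goals list, beside an escaped version, as an added example that is not part of the hacker101 material. The function names and the sample inputs are assumptions, chosen so the code runs from the PHP command line instead of reading $_GET.

```php
<?php
// Added example. greet_vulnerable() mirrors the page's reflected XSS snippet;
// greet_escaped() is the corrected form. Both function names are hypothetical.

function greet_vulnerable(array $query): string
{
    // Request data is copied into the HTML response unchanged.
    return isset($query['name']) ? "Hello {$query['name']}!" : '';
}

function greet_escaped(array $query): string
{
    // A parameter sent as name[]=x arrives as an array; accept strings only.
    if (!isset($query['name']) || !is_string($query['name'])) {
        return '';
    }
    // ENT_QUOTES also encodes ' and ", so the value stays inert inside a
    // quoted attribute. ENT_SUBSTITUTE replaces invalid UTF-8 sequences
    // instead of making htmlspecialchars() return an empty string.
    $safe = htmlspecialchars($query['name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return "Hello {$safe}!";
}

// Constructed sample inputs standing in for $_GET.
$samples = [
    ['name' => 'Alice'],
    ['name' => '<script>alert(1)</script>'],
    ['name' => '" onmouseover="alert(1)'],
    ['name' => ['nested']],
];

foreach ($samples as $query) {
    if (is_string($query['name'])) {
        echo 'vulnerable: ', greet_vulnerable($query), "\n";
    }
    echo 'escaped:    ', greet_escaped($query), "\n\n";
}
```

In the escaped output the markup characters appear as entities such as `&lt;` and `&quot;`, so a browser renders them as text instead of parsing them as tags or attributes.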
SQL injection is a code injection technique that might destroy your database. it works by placing malicious code in SQL statements via web page input.
tutorial - [https://www.youtube.com/watch?v=bIB3Hi6KeZU&list=PLxhvVyxYRviZd1oEA9nmnilY3PhVrt4nj&index=4] - [https://www.w3schools.com/sql/sql_injection.asp]
clickjacking is an attack that tricks a user into clicking a webpage element which is invisible or disguised as another element.
tutorial - [https://www.youtube.com/watch?v=jcp5t8PsMsY&list=PLxhvVyxYRviZd1oEA9nmnilY3PhVrt4nj&index=5] - [https://www.imperva.com/learn/application-security/clickjacking/]
session fixation is an attack that permits an attacker to hijack a valid user session. the attack exploits a limitation in the way the vulnerable web application manages the session ID.
tutorial - [https://www.youtube.com/watch?v=tkSmaMlSQ9E&list=PLxhvVyxYRviZd1oEA9nmnilY3PhVrt4nj&index=6] - [https://owasp.org/www-community/attacks/Session_fixation]
file inclusion is a vulnerability that an attacker targets with a file they created in order to attack the user's machine.
tutorial - [https://www.youtube.com/watch?v=ehp9TdmXWr0&list=PLxhvVyxYRviZd1oEA9nmnilY3PhVrt4nj&index=7] - [https://www.httpcs.com/en/file-inclusion-vulnerability]
file upload bugs let an attacker upload a file with code in it to attack the user's system via the web.
tutorial - [https://www.youtube.com/watch?v=xpCLMz3efUw&list=PLxhvVyxYRviZd1oEA9nmnilY3PhVrt4nj&index=8] - [https://anotherhackerblog.com/exploiting-file-uploads-pt-2/]
null termination bugs are an obscure but occasionally critical type of vulnerability.
tutorial - [https://www.youtube.com/watch?v=xCcVjgTbycM&list=PLxhvVyxYRviZd1oEA9nmnilY3PhVrt4nj&index=9]
unchecked redirects are a way for an attacker to control where a client who clicks something is sent, because the application redirects without checking the destination.
tutorial - [https://hacker101.linuxsec.org/vulnerabilities/unchecked_redirect]
secure password storage is the way we avoid rainbow tables and MD5, and keep each password from being recovered from its hash.
tutorial - [https://www.youtube.com/watch?v=xZ5cxxllgP8&list=PLxhvVyxYRviZd1oEA9nmnilY3PhVrt4nj&index=11]
cryptography is a method of protecting information and communication through the use of codes.
details - [https://www.youtube.com/watch?v=NTpzmPML42E&list=PLxhvVyxYRviZd1oEA9nmnilY3PhVrt4nj&index=12] - [https://www.youtube.com/watch?v=jtcpREJLN1Y&list=PLxhvVyxYRviZd1oEA9nmnilY3PhVrt4nj&index=13] - [https://www.youtube.com/watch?v=Zj6Z4QMzObE&list=PLxhvVyxYRviZd1oEA9nmnilY3PhVrt4nj&index=14]
threat modeling is the practice of identifying and prioritizing potential threats and security mitigations to protect something of value, such as confidential data or intellectual property.
more source about hacker101 - [https://www.youtube.com/watch?v=6DI7RIXUTg8&list=PLxhvVyxYRviZd1oEA9nmnilY3PhVrt4nj&index=15] - [https://github.com/Hacker0x01/hacker101/tree/master/_resources]