This project showcases common web application vulnerabilities and demonstrates how they can be exploited and, more importantly, how to fix them. Topics include:
- Cross-Site Scripting (XSS)
- Cross-Site Request Forgery (CSRF)
- Session Hijacking
- Malicious File Uploads
Realistic demos using vulnerable .aspx pages to simulate:
- Session stealing via XSS and cookie capture
- CSRF-based privilege escalation
- File upload exploits revealing directory structures
- Session impersonation and lateral movement using iframe injection
Mitigations demonstrated alongside each exploit:
- Input validation and output encoding
- MIME-type and file size validation
- Cookie security with the HttpOnly and Secure flags
- Web Application Firewall (WAF) use
- Principle of Least Privilege enforcement
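The mitigations listed above, as an added example written for this README rather than code taken from the project: a small set of ASP.NET Web Forms helpers (System.Web, the runtime behind .aspx pages) that encode output, harden the session cookie, validate uploads by extension, MIME type, size and magic bytes, and bind ViewState to the session against CSRF. The class and method names (HardeningHelpers, SafeHtml, IsAllowedImageUpload, and so on), the 2 MB limit and the image allowlist are illustrative choices, not the project's; the WAF and least-privilege items are deployment settings and are only noted in comments.

```csharp
// Added example for this README (not part of the original project).
// Assumes an ASP.NET Web Forms app on System.Web; all names below are illustrative.
using System;
using System.Collections.Generic;
using System.IO;
using System.Web;
using System.Web.UI;

public static class HardeningHelpers
{
    // 1. Output encoding. Writing request data straight into the page is the XSS
    //    pattern the demos exploit; encoding turns "<script>" into harmless text.
    //    Vulnerable: Response.Write("<p>Hello " + Request["name"] + "</p>");
    //    Hardened:   Response.Write("<p>Hello " + SafeHtml(Request["name"]) + "</p>");
    public static string SafeHtml(string untrusted)
    {
        return HttpUtility.HtmlEncode(untrusted ?? string.Empty);
    }

    // 2. Cookie security. HttpOnly keeps the session cookie out of document.cookie
    //    (what the cookie-capture demo relies on); Secure keeps it off plain HTTP.
    //    SameSite needs .NET Framework 4.7.2 or later and also limits CSRF.
    public static HttpCookie HardenedSessionCookie(string name, string value)
    {
        return new HttpCookie(name, value)
        {
            HttpOnly = true,
            Secure = true,
            SameSite = SameSiteMode.Strict,
            Path = "/"
        };
    }

    // 3. Upload validation. The client-supplied ContentType is only a hint, so the
    //    check also requires an allowlisted extension and the matching magic bytes,
    //    which stops a renamed .aspx from passing as an image.
    private const int MaxUploadBytes = 2 * 1024 * 1024; // illustrative 2 MB cap

    private static readonly Dictionary<string, byte[]> AllowedImageSignatures =
        new Dictionary<string, byte[]>(StringComparer.OrdinalIgnoreCase)
        {
            { ".png",  new byte[] { 0x89, 0x50, 0x4E, 0x47 } },
            { ".jpg",  new byte[] { 0xFF, 0xD8, 0xFF } },
            { ".jpeg", new byte[] { 0xFF, 0xD8, 0xFF } },
        };

    private static readonly HashSet<string> AllowedImageMimeTypes =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "image/png", "image/jpeg" };

    // Call as: IsAllowedImageUpload(f.FileName, f.ContentType, f.ContentLength, f.InputStream, out why)
    // where f is the HttpPostedFile from a FileUpload control.
    public static bool IsAllowedImageUpload(string fileName, string contentType, int length,
                                            Stream content, out string reason)
    {
        reason = null;
        if (length <= 0 || length > MaxUploadBytes) { reason = "size"; return false; }

        string ext;
        try { ext = Path.GetExtension(fileName ?? string.Empty); }
        catch (ArgumentException) { reason = "invalid file name"; return false; }

        byte[] signature;
        if (!AllowedImageSignatures.TryGetValue(ext, out signature)) { reason = "extension"; return false; }
        if (!AllowedImageMimeTypes.Contains(contentType ?? string.Empty)) { reason = "mime type"; return false; }

        var header = new byte[signature.Length];
        int read = content.Read(header, 0, header.Length);
        if (read < signature.Length) { reason = "truncated"; return false; }
        for (int i = 0; i < signature.Length; i++)
        {
            if (header[i] != signature[i]) { reason = "magic bytes"; return false; }
        }
        return true;
    }

    // Store uploads under a server-generated name in a directory outside the web
    // root (and with no execute permission for the app pool identity, which is the
    // least-privilege part), so nothing uploaded can be browsed or executed.
    public static string StoredUploadPath(string uploadRoot, string ext)
    {
        return Path.Combine(uploadRoot, Guid.NewGuid().ToString("N") + ext.ToLowerInvariant());
    }

    // 4. CSRF. Tying ViewState to the session makes a POST forged from another origin
    //    fail the ViewState MAC check. Must be called from Page_Init, before ViewState
    //    is loaded.
    public static void BindViewStateToSession(Page page)
    {
        if (page.Session != null)
        {
            page.ViewStateUserKey = page.Session.SessionID;
        }
    }
}
```

A WAF in front of the site adds a second layer for the same classes of request, but none of the helpers above depend on one; the point of the demos is that the application itself must encode, validate and scope its own data.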
This project demonstrates how web developer tools, insecure coding practices, and poor file validation can be used by attackers, and how organizations can harden their systems with proactive security measures.
Created by Brian Smith
LinkedIn