Intro to Web Security Part 1 - 3/1/2020

From DevilSec

Slides

https://docs.google.com/presentation/d/13BpMMcVHl__xy6QoDNwhrF_3fHf0fa47AtWjRgx5FoM/edit?usp=sharing


Links for Practice

OWASP https://www.owasp.org/index.php/Main_Page

OWASP Juice Shop https://www.owasp.org/index.php/OWASP_Juice_Shop_Project

PortSwigger Web Security Academy https://portswigger.net/web-security

Buggy Web Application http://www.itsecgames.com

Docker container: https://hub.docker.com/r/raesene/bwapp/

Hack The Box web challenges https://www.hackthebox.eu

Xtreme Vulnerable Web Application https://github.com/s4n7h0/xvwa

Hacker101 CTF https://www.hacker101.com

TONS more if you just google

Links for Learning

The Web Application Hacker's Handbook (~$20-$35) https://www.amazon.com/Web-Application-Hackers-Handbook-Exploiting/dp/1118026470

PortSwigger Web Security Academy (FREE) https://portswigger.net/web-security

PentesterLab ($35 for 3 months if student, otherwise $20/month) https://pentesterlab.com

Pentester Academy ($40/month but also has a bunch of other courses) https://www.pentesteracademy.com

Virtual Hacking Labs ($250 for 3 months but also has other labs) https://www.virtualhackinglabs.com

Google & YouTube (FREE)

  • Tons more

Additional Links

Ethical Hacking 101: Web App Penetration Testing - a full course for beginners: https://www.youtube.com/watch?v=2_lswM1S264

Beware of the videos that boast "FULL COMPLETE HACKING TUTORIAL 100% ALL YOU WILL EVER NEED"

Same-origin policy: The core of web security @ OWASP Wellington: https://www.youtube.com/watch?v=zul8TtVS-64

Web Security 101 (Playlist): https://www.youtube.com/watch?v=4Jk_I-cw4WE&list=PLI_rLWXMqpSl_TqX9bbisW-d7tDqcVvOJ