Explore OWASP Top 10 vulnerabilities and learn practical exploitation techniques in this comprehensive BSides Augusta 2015 conference talk. Dive into topics such as components with known vulnerabilities, misconfigurations, sensitive data exposure, broken authentication, and session management. Discover how to identify and exploit insecure direct object references, path manipulation, and access control issues. Gain insights into cross-site request forgery, cross-site scripting, and various browser exploit tools. Learn about web penetration testing methodologies, including form submission analysis, Burp Suite usage, and Ajax manipulation. Investigate injection techniques, error message analysis, and database-related vulnerabilities. Master the art of crafting magic strings and understand the importance of proper input sanitization. Conclude with an exploration of command shell stored procedures and the risks of running applications as root.
Overview
Syllabus
Intro
About David
What is OWASP
Components with known vulnerabilities
Misconfigurations
Sensitive Data Exposure
View Source
Post vs Get
Broken Authentication Session Management
Insecure Direct Object References
Path Manipulation
Access Control
False Change
Crosssite request forgery
Crosssite scripting
Utility
Security
View Page Source
Image Source
XSS
Cookies
Browser Exploit Tools
Multiple Submission Web Forms
Web Pen Testing
Form Submission
Expose
Burp Suite
Ajax
Darkness
Injection
Error Messages
Training Tool
Magic Strings
Single Quote Space
Fail
Missing Space
Adding Space
Database Cleanup
Sequel Map
Run as root
Command shell stored procedures
