https://youtu.be/8GUwXpUDWhs
Web security workshop 2023-03-24
Michael Pavle on February 21, 2023
Learn more about cybersecurity by exploiting web vulnerabilities and picking apart the OWASP Juice Shop sandbox with GDSC UTM and MCSS. If you'd like to expand your skillset, learn something new, and enjoy some pizza, join us this Friday!
Please install Burp Suite Community Edition before attending!
2. OUTLINEFORTODAY
RequiredSoftware
Please install Burp Suite
if you have not already!
01
OverviewofBurpSuite
Tools like Repeater,
Intruder, etc.
02
OWASPJuiceShop
Attack a live insecure
website, fix security
bugs
03
5. WhyUseBurpSuite?
● Keep a log of web traffic
● View and modify HTTP requests/responses on a website
● Suite of tools:
○ Proxy
■ View all traffic routed through the Burp proxy
■ Intercept and modify requests
○ Intruder
■ Brute force HTTP requests by parameters, endpoints, HTTP
headers, etc.
○ Repeater
■ Repeating a previous HTTP request with modifications
.
.
.
6. BurpSuiteProxy
The web application
response is sent back
to the Burp proxy.
WebServer
Request is sent from
the browser to Burp
Suite.
Allows for the
modification of
request data.
Forwards the request
to the web server.
BurpSuite
Browser
9. User input fields may be used as
arguments in an SQL query. If these
input fields are not sanitized or
validated correctly, an attacker may
be able to modify the query
maliciously.
SQLInjection
9
15. This is where you give credit to the
ones who are part of this project.
◂ Presentation template by Slidesgo
◂ Icons by Flaticon
◂ Infographics by Freepik
◂ Author introduction slide photo
created by Freepik
◂ Text & Image slide photo created
by Freepik.com
CREDITS