2. If a website visitor can access protected
pages they are not meant to see, then the
access controls are broken.
3. Learn some sqlite3 syntax to query a flat-file
database for sensitive data, and use
hash-cracking tools to extract the code. Do the CTF
challenge on the sample website.
4. Learn to perform command injection on the
sample website, MooCorp: we can inject an inline
command that gets executed on the server
and peek at some files/data.
5. These vulnerabilities occur when improper threat
modelling is done during the planning phases of the
application.
In the task, the challenge is to use the
design flaw in its password reset mechanism.
6. This is about a lack of awareness from the admin or user,
when security could have been appropriately
configured but was not.
Using the Werkzeug console, we are challenged to
find the flag.
7. You know you are vulnerable if you use an app or system with an outdated
version/component, because there is a chance your system can be infiltrated easily.
Some quick research will reveal the weakness; even better, you
can find a ready-made exploit on Exploit-DB.
As usual, there is a CTF challenge at the end, using a script from
Exploit-DB to infiltrate the machine.
8. This looks at logic flaws within the authentication mechanism, such as the use of
weak credentials, weak session cookies, and brute-force attacks.
In the task, we are taught to use the weaknesses of the
system: re-register a user with an additional blank space to
duplicate an existing user. The new user has the same
permissions as the existing user because of the flaw in the system.
9. You must be sure that the file you downloaded is the same as the one from the
original source; this is called integrity.
We often see a hash sent alongside the file so that you
can prove the file is the original, free from anything unwanted
or malicious.
10. Usually, when a user logs into an application, they are assigned
some sort of session token, usually via cookies.
In the task, we have to quickly modify the JWT token and
decode it using a base64 decoder to get into the admin
login.
11. We should set up logging for every action performed by the user; it's
important.
In the event of an incident, the attackers' activities can
be traced, so the risk and impact can be determined. In
the task, we have to know how to read a log file and its
terms.
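
For item 10, an added example (not code from the original page or from the task it describes): a JWT payload is only base64url-encoded, so anyone can decode and edit it, and the server has to verify the signature before trusting any claim. The key, the claim names and the sample tokens are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json

def b64url_decode(part: str) -> bytes:
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def mac(signing_input: str, key: bytes) -> bytes:
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

def sign_hs256(claims: dict, key: bytes) -> str:
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps(claims).encode())
    return f"{header}.{payload}.{b64url_encode(mac(f'{header}.{payload}', key))}"

def verify_hs256(token: str, key: bytes) -> dict:
    """Return the claims only if the token is HS256-signed with `key`."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        sig = b64url_decode(sig_b64)
    except (ValueError, TypeError) as exc:
        raise ValueError("malformed token") from exc
    # Pin the algorithm on the server; never let the token choose it ("none").
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    # Constant-time comparison of the received and recomputed signatures.
    if not hmac.compare_digest(sig, mac(f"{header_b64}.{payload_b64}", key)):
        raise ValueError("bad signature")
    return json.loads(b64url_decode(payload_b64))

if __name__ == "__main__":
    key = b"constructed-demo-key"  # constructed sample key
    token = sign_hs256({"username": "guest", "admin": False}, key)
    head, body, sig = token.split(".")
    print("readable without the key:", json.loads(b64url_decode(body)))
    edited = b64url_encode(json.dumps({"username": "guest", "admin": True}).encode())
    for label, candidate in (("original", token), ("edited", f"{head}.{edited}.{sig}")):
        try:
            print(label, "->", verify_hs256(candidate, key))
        except ValueError as err:
            print(label, "-> rejected:", err)
```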