![[EN]THS22_AMM_ishing.pptx](https://cdn.slidesharecdn.com/ss_thumbnails/enths22ammishing-221013185647-a3b84744-thumbnail.jpg?width=640&height=640&fit=bounds)
![INTERNSHIPREVIEW-ISHAQ (1) [Recovered].pptx](https://cdn.slidesharecdn.com/ss_thumbnails/internshipreview-ishaq1recovered-230109133242-4ce6a92f-thumbnail.jpg?width=640&height=640&fit=bounds)
OWASP top 10 - 2021 - Tryhackme cyber securit training
- 1. Cyber Security Trainingvia Tryhackme (Open Web Application Security Project)
- 2. If a websitevisitor can access protected pages they are not meant to see, then the access controls are broken.
- 3. Learn some ofsyntax sqlite3 to query flat-file database looking for sensitive data, using hash cracker tools to extract the code. do CTF challenge from the sample web
- 4. Learn to performcommand injection from sample web, MooCorp, we can inject an inline command which will get executed on server and peek some file/data.
- 5. These vulnerabilities occurwhen an improper threat modelling is made during the planning phases of the application. The task we have a challenge, using the design flaw in its password reset mechanism.
- 6. Is about lackof awareness from admin or user, when security could have been appropriately configured but was not. using werkzeug console we are challenged to find the flag.
- 7. you know itsvulnerable if you use an apps or system that outdate version/component, because there is a chance to infiltrate your systeam easily. with some quick research will reveal the weakness, even better you can find an exploit already made on Exploit-DB. as usual we have a CTF challenge in the end using some script from exploit DB to infiltrate the machine.
- 8. looking at alogic flaw within the authentication mechanism, like use of a weak credentials, weak session cookies, brute force attach the task is, we are taught to use the weaknesses of the system, re-register user with additional blank space to duplicate as if existing user, this new user have a same permission like existing user because of flaw of the system.
- 9. you must beaware that the file you downloaded is same from the origin source, it is called integrity. we often see a hash sent alongside the file so that you can prove the file is the original free from unwanted malicious.
- 10. Usually, when auser logs into an application, they will be assigned some sort of session token or usually assigned via cookies. The task we have to quick modified the JWT Token and decode it using base64 decoder to get into the admin login.
- 11. we should setuplogging for any action performed by the user, it's important. in the event of an incident, the attackers' activities can be traced, and so risk and impact can be determined. in the task we have to know how to read a log file and its term.