This workshop was prepared by the research group of FBK CyberSecurity and presented at Positive Hack Days 2019.
Thanks to all my colleagues who helped me with this research.
Extended training on hacking web applications
INTRO
The authors will present an overview of various attacks on web applications that may be encountered during a professional security audit or while searching for vulnerabilities as part of a bug bounty program. This workshop will be of interest to both beginners and experienced specialists looking to improve their skills. Participants will be given test assignments to validate their newly acquired skills.
SOURCE CODE
SLIDES
Arbitrary File Read
Command Injection
HTTP Response Splitting (CRLF)
Cross Site Request Forgery (CSRF)
HTTP Parameter Pollution (HPP)
HTTP Verb Tampering
Insecure Direct Object Reference (IDOR)
Key Value Injection
Local File Inclusion (LFI)
NoSQL Injection
Object Injection
Open Redirect
Race Condition
Session Fixation
SQL injection
Server Side Request Forgery (SSRF)
Server-side template injection (SSTI)
Subdomain Takeover
Web Cache Deception
Cross Site Scripting (XSS)
Cross-Site Script Inclusion (XSSI)
XML eXternal Entity (XXE)