Web Application Security Workshop by Jordan Cyber Club


The Web Application Security workshop conducted by Amnih Yousef in collaboration with the Jordan Cyber Club (JCC) on December 14, 2024, covered essential topics in web application security. The workshop blended theoretical knowledge with practical applications, focusing on:

  • Introduction to Web Application Security
  • How Web Applications Work
  • Cookies and Sessions
  • Directory Enumeration
  • Cross-Site Scripting (XSS)
  • SQL Injection

You Should Know:

1. Directory Enumeration

Directory enumeration is a critical step in identifying hidden files and directories on a web server. Tools like Gobuster and Dirb are commonly used for this purpose.

Gobuster Command:

gobuster dir -u http://example.com -w /path/to/wordlist.txt

Dirb Command:

dirb http://example.com /path/to/wordlist.txt
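Seen from the server side, a wordlist-driven scan like the Gobuster or Dirb runs above shows up as one client producing a burst of 404 responses for paths that do not exist. The following detector is an added example written for this summary, not material from the workshop: it parses Apache/nginx combined-format access log lines and flags any client IP that accumulates a threshold of 404s inside a sliding time window. The log lines, IP addresses, paths and the "wordlist-scanner" user agent are all constructed sample data.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in Apache/nginx "combined" log format; not a real capture.
# One client (198.51.100.23) requests six non-existent paths within a few
# seconds, which is what a wordlist-driven scan looks like from the server.
SAMPLE_LOG = """\
203.0.113.7 - - [14/Dec/2024:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [14/Dec/2024:10:00:03 +0000] "GET /missing.png HTTP/1.1" 404 212 "-" "Mozilla/5.0"
198.51.100.23 - - [14/Dec/2024:10:00:05 +0000] "GET /admin HTTP/1.1" 404 212 "-" "wordlist-scanner"
198.51.100.23 - - [14/Dec/2024:10:00:05 +0000] "GET /backup HTTP/1.1" 404 212 "-" "wordlist-scanner"
198.51.100.23 - - [14/Dec/2024:10:00:06 +0000] "GET /config HTTP/1.1" 404 212 "-" "wordlist-scanner"
198.51.100.23 - - [14/Dec/2024:10:00:06 +0000] "GET /.git HTTP/1.1" 404 212 "-" "wordlist-scanner"
198.51.100.23 - - [14/Dec/2024:10:00:07 +0000] "GET /uploads HTTP/1.1" 404 212 "-" "wordlist-scanner"
198.51.100.23 - - [14/Dec/2024:10:00:07 +0000] "GET /old HTTP/1.1" 404 212 "-" "wordlist-scanner"
198.51.100.23 - - [14/Dec/2024:10:00:08 +0000] "GET /robots.txt HTTP/1.1" 200 68 "-" "wordlist-scanner"
"""

# client, ident, user, [timestamp], "METHOD path protocol", status, ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)


def parse_line(line):
    """Parse one combined-format line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m.group("ip"),
        "ts": datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z"),
        "method": m.group("method"),
        "path": m.group("path"),
        "status": int(m.group("status")),
    }


def detect_enumeration(lines, threshold=5, window_seconds=60):
    """Flag client IPs that produce >= threshold 404 responses inside a sliding window.

    Lines are assumed to be in chronological order, as they are in a live log.
    Returns {ip: {"count": peak number of 404s seen in one window, "paths": [...]}}.
    """
    recent = defaultdict(deque)   # ip -> deque of (timestamp, path) for recent 404s
    flagged = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["status"] != 404:
            continue
        q = recent[rec["ip"]]
        q.append((rec["ts"], rec["path"]))
        cutoff = rec["ts"] - timedelta(seconds=window_seconds)
        while q and q[0][0] < cutoff:   # drop 404s that have fallen out of the window
            q.popleft()
        if len(q) >= threshold:
            entry = flagged.setdefault(rec["ip"], {"count": 0, "paths": []})
            entry["count"] = max(entry["count"], len(q))
            entry["paths"] = [path for _, path in q]
    return flagged


if __name__ == "__main__":
    for ip, info in detect_enumeration(SAMPLE_LOG.splitlines()).items():
        print(f"{ip}: {info['count']} misses in window, e.g. {info['paths'][:3]}")
```

The threshold and window are tuning knobs: ordinary browsers also hit the occasional missing image or favicon, so the single 404 from 203.0.113.7 is left alone, while the six misses from one address in three seconds cross the default threshold. In production the same logic would feed a rate limiter or a SIEM rule rather than print to the console.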

2. Cross-Site Scripting (XSS)

XSS vulnerabilities allow attackers to inject malicious scripts into web pages. To test for XSS, you can use the following payload:

<script>alert('XSS')</script>
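What decides whether that test string does anything is how the application writes user input back into the page. The example below is added here and is not code from the workshop: it renders the same search-results fragment twice, once by interpolating the input raw (reflected XSS) and once with contextual output encoding, and adds the response headers a defender would layer on top. The page markup and header values are the example's own choices.

```python
from html import escape

# The workshop's XSS test string, used only as input to the two renderers below.
TEST_PAYLOAD = "<script>alert('XSS')</script>"


def render_search_vulnerable(query: str) -> str:
    """Reflects the search term into the page without encoding.

    Whatever markup the user typed becomes part of the document, so the test
    string above reaches the browser as a live <script> element.
    """
    return f"<h1>Results for: {query}</h1>"


def render_search_safe(query: str) -> str:
    """Same page with output encoding applied at the point of insertion.

    html.escape turns < > & " and ' into entities, so the browser shows the
    text literally instead of parsing it as tags or attribute delimiters.
    """
    return f"<h1>Results for: {escape(query, quote=True)}</h1>"


def security_headers() -> dict:
    """Defence-in-depth response headers that limit what an injected script could do.

    A Content-Security-Policy that only allows scripts from the site's own origin
    refuses inline <script> blocks even if an encoding bug slips through elsewhere.
    """
    return {
        "Content-Security-Policy": "default-src 'self'; script-src 'self'; object-src 'none'",
        "X-Content-Type-Options": "nosniff",
    }


def is_script_reflected(rendered_html: str) -> bool:
    """Crude check: did a raw <script> tag survive rendering?"""
    return "<script" in rendered_html.lower()


if __name__ == "__main__":
    print(render_search_vulnerable(TEST_PAYLOAD))
    print(render_search_safe(TEST_PAYLOAD))
```

Encoding has to match the output context: html.escape is right for HTML text and quoted attributes, but a value placed inside a JavaScript string, a URL or a CSS rule needs that context's encoding instead, which is why template engines with auto-escaping and a CSP are used together rather than relying on one fix.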

3. SQL Injection

SQL injection is a technique used to exploit vulnerabilities in database queries. A simple SQL injection payload to test for vulnerabilities:

' OR '1'='1

SQLMap Command:

sqlmap -u http://example.com/page?id=1 --dbs

4. Cookies and Sessions

Understanding how cookies and sessions work is crucial for securing web applications. Use browser developer tools (F12) to inspect cookies:

document.cookie
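Whether a session cookie even appears in document.cookie is governed by the attributes the server set on it: an HttpOnly cookie is withheld from script, Secure keeps it off plaintext HTTP, and SameSite controls whether it rides along on cross-site requests. The checker below is an added example, not workshop material; it parses a Set-Cookie header the way a browser's cookie store would and lists the protections a session cookie is missing. The cookie names, values and headers are constructed samples.

```python
def parse_set_cookie(header: str) -> dict:
    """Split a Set-Cookie header into name, value and a lowercase attribute map.

    Flag attributes without a value (HttpOnly, Secure) are stored as True.
    """
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if val else True
    return {"name": name.strip(), "value": value.strip(), "attrs": attrs}


def audit_session_cookie(header: str) -> list:
    """Return a list of findings for a cookie that carries a session identifier."""
    cookie = parse_set_cookie(header)
    attrs = cookie["attrs"]
    findings = []
    if "httponly" not in attrs:
        findings.append("missing HttpOnly: value is readable through document.cookie")
    if "secure" not in attrs:
        findings.append("missing Secure: cookie is also sent over plaintext HTTP")
    samesite = str(attrs.get("samesite", "")).lower()
    if samesite not in ("lax", "strict"):
        findings.append("SameSite not Lax/Strict: cookie is attached to cross-site requests")
    return findings


def build_session_cookie(name: str, value: str) -> str:
    """Produce a Set-Cookie header with the attributes a session cookie should carry."""
    return f"{name}={value}; Path=/; HttpOnly; Secure; SameSite=Lax"


# Constructed sample headers: one as often seen by default, one hardened.
WEAK_HEADER = "sessionid=abc123; Path=/"
STRONG_HEADER = build_session_cookie("sessionid", "abc123")

if __name__ == "__main__":
    for header in (WEAK_HEADER, STRONG_HEADER):
        print(header)
        for finding in audit_session_cookie(header) or ["no findings"]:
            print("  -", finding)
```

Run against a real application, the same check goes on the Set-Cookie lines visible in the developer tools Network tab; if a session cookie shows up in document.cookie at all, the HttpOnly finding already applies.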

5. Web Application Security Tools

  • Burp Suite: For intercepting and modifying HTTP requests.
  • OWASP ZAP: An open-source web application security scanner.
  • Nmap: For network discovery and security auditing.

Nmap Command:

nmap -sV -p 80,443 example.com

What Undercode Says:

Web application security is a critical aspect of cybersecurity. Understanding vulnerabilities like XSS, SQL injection, and directory enumeration is essential for both attackers and defenders. Tools like Gobuster, SQLMap, and Burp Suite are invaluable for penetration testers. Always practice ethical hacking and obtain proper authorization before testing any system. For further learning, explore platforms like TryHackMe and OWASP.

Reported By: Amnih Yousef – Hackers Feeds