How To Start On Web Applications Security

-



Summary:

hey guys I hope you are fine, now I am going to talk about how to start with Web applications security.
now if you want to learn something from someone but this guy doesn’t speak the same language of you what will you do?…….yes…you will learn his language to learn from him, it’s the same with web applications now if you want to start “security web application” you should learn how it works, learn it’s language.



Now I will talk about the programming language:


There are a lot of programming languages you can use Java, ASP, Perl, Ruby, Python, and PHP but the best one is PHP because most of the web applications use it but the other languages have a good future now you learned PHP to understand what website say :D, now you should learn a programming language for the Database to use it with PHP now the Database is something that the website can’t work without it. so you can learn MySQL it’s good but there are others you can search about them “Google Is Your Friend” now the time for Technologies you should learn the web technologies like HTML, HTML5, Javascript, AJAX, JSON and XML these technologies will be useful for you.

Understand the vulnerabilities:


when you finish the programming languages you will start a new thing it is learning the vulnerabilities now you will start to understand how the vulnerability works…..you can use the OWASP Top 10 to know the well-known vulnerability now you will read about it a lot don’t be bored when you understand the vulnerabilities types and how it works and how you can to stop it, now it’s time to learn the advanced exploit for this vulnerabilities and you can read a write-ups that the other Hackers found..and understand how they did that if they used a new method you don’t know…..so this is good you will learn more.

Be advanced:


now you learned Programming languages and understand the vulnerabilities this is good but you should know, the vulnerabilities, not just XSS, SQL injection you will know that there are more of that, now you can do something else you can start to play Capture The Flag (CTF) what is this, this is a something like a game between the hackers/researchers not just on web applications but there are a lot of fields this will make you advanced and you will learn from it a lot, you can follow this website CTFTime this website notice you if any CTF will start soon online or offline this will be helpful, Now the other thing is the Bug Bounty what is it? this is a way to hack websites but ethically…….how? the websites which have a Bug Bounty Programs give the Ethical Hackers/Security researchers a permission to hack there website to find a vulnerabilities on it but here when the Researcher find a bug he write a report about the vulnerability to the security team of the website to help them to close this vulnerability and the website pay for that, now there are a platforms you can start from it to be a Bug Hunter like HackerOneBugCrowdSynack.

Time to read:


you should read piece of content this helps you to know new issues new exploits for bugs or learn anything you can follow some Researchers to know anything from their posts or write-ups they will help you and follow blogs about cybersecurity and you can read the reports which the researchers send on HackerOne platform you just select the public reports and start read this is helpful and you can follow these blogs it’s helpful SeekurityDetectify Labs, and you can read this reports too this is a big collection of reports and follow this website The Hacker News.
Thank you for reading this I hope that I helped you with anything.

Comments

Post a Comment

Popular posts from this blog

Exploit & Debug Looney Tunables CVE-2023-4911 Local Privilege Escalation in the glibc's ld.so

-
Image
Hoi, let's try to debug and explain CVE-2023-4911 which is a buffer overflow in the glibc loader my debugging and exploit tested on Ubuntu 22.04.2 (Jammy Jellyfish), you can read the analysis and more information from the Qualys Security writeup . POC to check if you are vulnerable or not env -i "GLIBC_TUNABLES=glibc.malloc.mxfast=glibc.malloc.mxfast=A" "Z=`printf '%08192x' 1`" /usr/bin/su --help My exploit POC video takes 5m but I speeded up the video Preparing let's disable ASLR and debug our exploit echo 0 | sudo tee /proc/sys/kernel/randomize_va_space you have to know (from qualys security): On Linux, the stack is randomized in a 16GB region, and our environment strings can occupy up to 6MB (_STK_LIM / 4 * 3, in the kernel's bprm_stack_limits()): after 16GB / 6MB = 2730 tries we have a good chance of guessing the address of our environment strings. using the buffer overflow vulnerability in the tunables we will overflow the link_map struct wh
Read more

Let's Analysis STM32F103 Chip Firmware from Attify

-
Image
( بِسْمِ اللَّـهِ الرَّحْمَـٰنِ الرَّحِيمِ ) Let's start our blog. As we know any IoT device should have a firmware to run it and there is a thought that it is secure by default because it is in a board, but we know that we can dump this firmware, our firmware know is already shared with us something like training to learn basics of reversing firmware. you can download the firmware from here . if we run the file command on the firmware we will find this "STM32F103C-firmware.bin: data" and if we try to get the architecture using binwalk it will return empty result "binwalk -A STM32F103C-firmware.bin" but we don't need this because it is a famous chip and we can know what we want from google. After searching for the chip name STM32F103C we will open its default page you will know that it run using "ARM Cortex M3" we will need that later, it is time to analysis using Ghidra. Analysis Dropping the firmware file to Ghidra but it will not detect anything
Read more

Using CSRF I Got Weird Account Takeover

-
Image
Hi guys, I'm back again this bug was interesting and weird let's start. let's refer to the target's name as (target.com) I start to test the domain like what I do in my testing, I used sublist3r to enumerate the subdomains, in one of these subdomains I start to test the password reset function I sent a request to my email to change the password, i opened the link and sent the request to change the password but i used my Burp to see the request and it looks like that there is a token for CSRF I tested this token and deleted it but the change happens, that means there is no filtring for this token there is a CSRF bug here and there is another thing the token of reset password not in the request not in the cookies or in the body so i think it's in the sessions and how i knew that? I test the function of reset password I sent another link to my account and i sent the same request but it returns 403, I opened the new reset link bug didn't use it and I go b
Read more