Securing Web Apps

Web Apps

LJ: Linux Journey  83
ED 102: Command Injection  60
ED 103: SQLI Challenges  185
W 600: Burp & Web Security Academy  20
Recommended topics:
  • Path Traversal
  • OS command injection
  • Authentication
  • SQL injection
  • Cross-site scripting
  • Access control vulnerabilities
  • Information disclosure

Hacking APIs

AP 100: Finding API Endpoints  20
AP 101: Using Postman with Burp  20
AP 102: Cracking a JSON Web Token Signature  20
AP 103: Fuzzing with Postman  20
AP 104: Broken Object-Level Access (BOLA)  10
AP 105: Broken Function-Level Access (BFLA)  10
AP 106: NoSQL Injection  10
AP 110: Installing crAPI  15
AP 120: Vulnerable API  20
AP 121: Using OWASP ZAP to Scan Vulnerable API  25
AP 130: c{api}tal  75

Networking

H 410: Nmap  40
H 420: Wireshark  110
W 200: Google Cloud Linux Servers  15
ED 30: Linux Virtual Machine  15
H 240: Wireguard VPN  15

Splunk Boss of the SOC

Boss of the SOC v1: Threat Hunting with Splunk  325

Basic Defenses

W 10: Configuring an HTTPS Server  15
W 20: reCAPTCHA  15
W 30: CanaryTokens  5

References

Living Off The Land Binaries and Scripts

Whole Class with Videos

Some Useful Application Security Resources

OWASP Top 10 TryHackMe

OWASP Juice Shop

Last updated 6-18-24