Web Security (IAW301)

Course Implementation Plan

• Session 1: Web Security Introduction
  • How the web application works
  • Web Application Security
  • Client-Side vs. Server-Side
• Session 2: Web Security Introduction (cont’d)
  • Examples of web programming
  • Security Tools and Scanners
  • OSWAP and others
  • Lab 1: Exploring the OWASP Top 10
• Session 3: Information Disclosure Vulnerabilities
  • What is information disclosure?
  • What is the impact of information disclosure vulnerabilities?
  • Lab 2: Information Disclosure Vulnerabilities
    • Source code disclosure via backup files
    • Information disclosure in version control history
• Session 4: Authentication Vulnerabilities
  • Vulnerabilities in password-based login
  • Lab 3: Authentication Vulnerabilities (password-based)
    • Username enumeration via different responses
    • Username enumeration via response timing
• Session 5: Authentication Vulnerabilities (cont’d)
  • Vulnerabilities in multi-factor authentication
  • Lab 4: Authentication Vulnerabilities (multi-factor authentication)
    • 2FA simple bypass
    • 2FA broken logic
• Session 6: Authentication Vulnerabilities (cont’d)
  • Vulnerabilities in other authentication mechanisms
  • Lab 5: Authentication Vulnerabilities (other authentication mechanisms)
    • Brute-forcing a stay-logged-in cookie
    • Offline password cracking
• Session 7: Access control vulnerabilities
  • Insecure direct object references (IDOR)
  • Lab 6: Access control vulnerabilities - IDOR (Insecure Direct Object References)
    • Insecure direct object references
• Session 8: Access control vulnerabilities (cont’d)
  • Privilege escalation
  • Lab 7: Access control vulnerabilities - Privilege escalation
    • User ID controlled by request parameter
• Session 9: Access control vulnerabilities (cont’d)
  • OAuth2.0
  • Lab 8: Access control vulnerabilities - OAuth2.0
    • Authentication bypass via OAuth implicit flow
• Session 10: SQL injection
  • SQL injection UNION attacks
  • Lab 9: SQL injection - SQL injection UNION attacks
    • SQL injection UNION attack, determining the number of columns returned by the query
• Session 11: SQL injection (cont’d)
  • Blind SQL injection - Timebase SQL Injection
  • Lab 10: Blind SQL injection - Timebase SQL Injection
    • Blind SQL injection with time delays
• Session 12: SQL injection (cont’d)
  • Blind SQL injection - Error SQL Injection
  • Lab 11: Blind SQL injection - Error SQL Injection
    • Blind SQL injection with conditional errors
• Session 13: OS command injection vulnerabilities
  • Lab 12: OS command injection vulnerabilities
    • OS command injection, simple case
• Session 14: OS command injection vulnerabilities (cont’d)
  • Blind OS command injection vulnerabilities
  • Lab 13: Blind OS command injection vulnerabilities
    • Blind OS command injection with time delays
• Session 15: Cross-site scripting
  • Lab 14: Cross-site scripting - Reflected
    • Reflected DOM XSS
• Session 16: Cross-site scripting (cont’d)
  • Lab 15: Cross-site scripting - Stored
    • Stored DOM XSS
• Session 17: Server-side request forgery (SSRF)
  • Lab 16: Server-side request forgery (SSRF)
    • Blind SSRF with out-of-band detection
• Session 18: Race conditions vulnerabilities
  • Lab 17: Race conditions vulnerabilities
    • Limit overrun race conditions
• Session 19: Path traversal vulnerabilities
  • Lab 18: Path traversal vulnerabilities
    • File path traversal, traversal sequences blocked with absolute path bypass
• Session 20: File upload vulnerabilities
  • Lab 19: File upload vulnerabilities
    • Web shell upload via obfuscated file extension

Book

• Andrew Hoffman. Web Application Security: Exploitation and Countermeasures for Modern Web Applications 2nd Edition, O’Reilly Media © February 27, 2024 (ISBN: 978-1098143930).
• David Lorenz. Building Production-Grade Web Applications with Supabase: A comprehensive guide to database design, security, real-time data, storage, multi-tenancy, and more, Packt Publishing © August 9, 2024 (ISBN: 978-1837630684)
• Mike Harwood, Ron Price. Internet and Web Application Security 3rd Edition, Jones & Bartlett Learning © December 12, 2022 (ISBN: 978-1284206166).
• Dr Sunny Wear, Burp Suite Cookbook - Second Edition: Web application security made easy with Burp Suite 2nd ed. Edition, Packt Publishing © October 27, 2023 (ISBN: 978-1835081075).
• Steven Gellis. Burp Suite Ultimate Guide: Mastering Web Application Security Testing, Publisher: Independently published August 8, 2024 (ISBN: 979-8335317320).

URLs

• Portswigger web security
• IAW301_Web-Security_Labs
• Burp Suite 2023.2.2