wes_phily

Web Application Security

Recently I have had opportunities to pen-test websites. I tried to apply what I've learned from here and in books, but I don't see any of the vulnerabilities that we see in the classes on elearn or the books I've read. The closest thing to a vulnerability was a clear-text password, but it would require a well-positioned sniffer. Also, the data on the website was not important enough for that to matter. I tried checking for injections and XSS but found nothing. I tried supplying unexpected data to different applications, but the best I could get was an echo that said "hello world" in the request and was blank on the website.

The hardest part was that Burp Suite would not render the website I was trying hardest on, so I had to check for changes in the raw code only. There appeared to be no changes.

Everything I've learned is definitely relevant and has helped me a lot. I'm not bashing anybody. However, I was wondering if more complex courses and/or labs would be introduced to further web application security education?

robertray

Very hard to comment on the individual applications you refer to, as they quite often differ in many ways depending on the mechanics of these apps.

With that being said, according to some sources it's expected you may find around 90% vulnerable to XSS alone; other flaws like logic and session-handling defects and info disclosures are quite common.

The number of SQLi is reportedly dropping, some suggesting due to increased use of frameworks making more use of stored procedures, but when queries are dynamically created by the developer of the application these issues are still found in around 40% of cases.

eLearnSecurity's plan, as far as I am aware, is to constantly develop and improve on the resources.

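The reply above contrasts framework-generated (parameterized) queries with queries the developer builds dynamically from request input. The following is an added example, not code from either poster or from any application discussed in the thread, that shows the two styles side by side against a constructed in-memory SQLite table so the behavioural difference can be observed offline. The table contents, function names and the `compare` helper are all assumptions made for this illustration.

```python
import sqlite3


def make_db():
    """Build a constructed sample table (three users) in memory; not real data."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    conn.commit()
    return conn


def lookup_vulnerable(conn, username):
    """Dynamically built SQL: the caller's text is spliced into the statement,
    so it is parsed as SQL rather than treated purely as a value."""
    sql = "SELECT username, role FROM users WHERE username = '%s'" % username
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, username):
    """Placeholder binding: the driver ships the value separately from the
    statement, so it can only ever match a username, never alter the query."""
    sql = "SELECT username, role FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


def compare(username):
    """Run the same input through both lookups and return what each yields.
    The row-count difference is the signal a tester looks for and a
    developer removes by switching to the parameterized form."""
    conn = make_db()
    try:
        return {
            "vulnerable": lookup_vulnerable(conn, username),
            "parameterized": lookup_parameterized(conn, username),
        }
    finally:
        conn.close()


if __name__ == "__main__":
    # A normal value behaves identically in both styles; a value containing a
    # quote and an always-true clause only changes the result of the dynamic query.
    for probe in ("bob", "' OR '1'='1"):
        result = compare(probe)
        print(repr(probe))
        print("  dynamic SQL   ->", result["vulnerable"])
        print("  parameterized ->", result["parameterized"])
```

Run with `python3 example.py`: the ordinary username returns one row from both functions, while the quoted input returns every row from the dynamically built query and nothing from the parameterized one. That divergence, rather than any particular payload, is what to look for in a review, and the fix is the second function's shape: keep the statement fixed and bind every request-derived value.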