Intro To Web

Author: Perditor

Slides

Goal:

To learn about web vulnerabilities and how to fix them.


Topics Covered:

  • Explained how clients and servers communicate via HTTP.
  • Warned about the ethical and legal concerns of knowing how to hack websites.
  • Introduced Google Gruyere and OverTheWire's Natas wargames.

How to Run this meeting:

  • Give the presentation.
  • Have the presenter demonstrate simple XSS in the Gruyere app.
  • There's one in the 'homepage' field of the profile. Drop an alert(1) inside script tags, go to 'My Snippets', and click 'My site'.
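
To pair the demo with the fix that Gruyere walks through later, here is an added example (not Gruyere's own code) of the rendering bug beside a hardened version in Python. The field name, the link markup and the sample value are assumptions for illustration, and the hardened version also validates the link target, which the demo above does not discuss.

```python
import html
from urllib.parse import urlparse

# Constructed sample: the payload from the demo above, as it would sit in a
# profile's 'homepage' field (hypothetical field name for this example).
SAMPLE_HOMEPAGE = "<script>alert(1)</script>"


def render_vulnerable(homepage: str) -> str:
    """Reflects the stored field into the page verbatim, so whatever markup
    the profile owner saved runs in every visitor's browser (the demo's bug)."""
    return f'<a href="{homepage}">My site</a>'


def safe_url(url: str) -> str:
    """Allowlist the link target: only absolute http(s) URLs pass through;
    any other scheme or a bare string becomes a harmless empty fragment."""
    parsed = urlparse(url)
    if parsed.scheme in ("http", "https") and parsed.netloc:
        return url
    return "#"


def render_fixed(homepage: str) -> str:
    """Validate the URL first, then HTML-escape it (quote=True also escapes
    the quote characters) so the value can never close the attribute or tag."""
    return f'<a href="{html.escape(safe_url(homepage), quote=True)}">My site</a>'


def contains_raw_script_tag(rendered: str) -> bool:
    """Simple check a reviewer can run over rendered output: is a raw
    script tag still present after rendering?"""
    return "<script" in rendered.lower()
```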

Description:

For this meeting, we described how the web worked through servers and clients. We introduced OWASP’s top 10 vulnerabilities (e.g. cross-site scripting) and warned against unauthorized access to servers. The rest of the time was spent either playing Gruyere, a codelab created by Google that walks through different web vulnerabilities, or OverTheWire’s Natas, which teaches web security through a series of games. Gruyere does an excellent job of naming, explaining, and demonstrating different kinds of web vulnerabilities. It also walks through how to fix them.