ThreatShop: Intro to Web Vulnerabilities

Offensive Security

Beginner

3 Hours

9 Chapters

ThreatShop is an interactive workshop that gives attendees hands-on, practical experience with web application security. Attendees will learn the top web vulnerabilities through a guided hands-on approach. Each exercise contains information on the vulnerability and an example of vulnerable code. After attempting the exercise, you’ll have a walkthrough allowing you to complete the task on your own.

Authored by: rayhan0x01

Workshop Summary

ThreatShop is an immersive, hands-on workshop designed to help you learn and apply key concepts in web application security. Through practical exercises, you’ll explore the most common web vulnerabilities and understand how they work in real-world scenarios. Each module contains a detailed explanation of the vulnerability, vulnerable code examples, and step-by-step guidance to help you complete the lab exercises independently.

Topic Areas:
  • Introduction to Web Fundamentals: Understand the basics of web architecture and how web applications function.
  • Understanding Web Communications: Dive into how web requests and responses work, focusing on HTTP and other protocols.
  • Practical Web Tools for Security Testing: Learn the essential tools used to identify and test vulnerabilities in web applications in preparation for the exercise labs.

Vulnerability Exercises:

You will learn about the following web application vulnerabilities through simple explanations and complete lab exercises that simulate real-world scenarios. Vulnerable code examples will be highlighted to demonstrate the root causes of these security flaws.

  • Insecure Direct Object Reference (IDOR)
  • Path Traversal
  • SQL Injection
  • Server-Side Request Forgery (SSRF)
  • Cross-Site Scripting (XSS)
  • Insecure Deserialization