Web Technologies
The "Web" is arguably the largest threat surface to an organisation, with almost "everyone"[1] having some form of web presence.
This week we are going to start looking at web-based exploits.
Note
A bit like last week with permissions, this week is going to be a little bit of a mish-mash, as we switch from more theoretical topics to more practical ones.
You probably "know" all the stuff about HTTP already. However, we are going to be using a lot of it, so it's worth a quick read just to get up to speed.
First we will examine ways of classifying and recognising vulnerabilities.
The OWASP top 10 gives us a way to categorise and conceptualise common website flaws.
CVE (and other risk rating systems) provide us with a way to classify the issues we find.
Topics for the Week
- The OWASP top 10
- Risk Rating Systems
- Web Fundamentals
- Encoding Data for the Web
- HTTP
- HTTP Requests
- Sessions and Cookies
- Anything Else that seems interesting
[1] Obviously, not everyone has a web presence. But it's pretty much an accepted part of modern business.