6005-CEM Security

Introduction

6005-CEM Security

Home
Module Information
Module Information
- Module Guide
- About these Docs
Assesment
Assesment
Week 1 Introduction
Week 1 Introduction
- Materials
  Materials
- Online Lecture
  Online Lecture
  - Lecture
  - Task
- On Campus
  On Campus
  - Part1
- Extra
  Extra
  - BFF Part 1
Week 2 Legal Factors
Week 2 Legal Factors
- Materials
  Materials
- Online Lecture
  Online Lecture
  - Lecture
  - Task
- On Campus
  On Campus
  - Lab Session
Week 3 Secure Design and Infrastructure
Week 3 Secure Design and Infrastructure
- Materials
  Materials
- Online Lectures
  Online Lectures
  - Lecture
- On Campus
  On Campus
  - Lab Session 1
Week 4 On Campus Lab
Week 4 Cryptography
Week 4 Cryptography
- Materials
  Materials
- Online Lectures
  Online Lectures
  - Lecture
- On Campus Lab Session
  On Campus Lab Session
  - Using Hashes
Week 5 Cryptography
Week 5 Cryptography
- Materials
  Materials
- On Campus Lab Session
  On Campus Lab Session
  - Chat Client
Week 6 Common Vulnerblitlites and Audit
Week 6 Common Vulnerblitlites and Audit
- Materials
  Materials
Week 7 HTTP and SQL Injection
Week 7 HTTP and SQL Injection
- Materials
  Materials
  - Introduction Introduction
    Table of contents
    
    The Web Trainer
    
    Instructions for the Trainer
  - Recap
    Recap
    
    HTTP
    
    Requests
  - Tools To Automate Requests
  - Storing State in HTTP
  - SQL And Injection
  - SQL Injection
  - Database Enumeration
  - Blind SQL Injecton
- Live Lab Session
  Live Lab Session
Week 8 Shells and XSS
Week 8 Shells and XSS
- Materials
  Materials
- Live Lab Session
  Live Lab Session
  - Lab Task
Week 9 RCE
Week 9 RCE
- Materials
  Materials
- Lab Tasks
Week 10 Deserialisation and NoSQL
Week 10 Deserialisation and NoSQL
- Materials
  Materials
- Activities
Week 11 Overflows
Week 11 Overflows
- Materials
  Materials
- Extra
  Extra
  - Detailed Stack Walkthrough
- Activities
  Activities
  - Overflows Lab
Tools and Cheatsheets
Tools and Cheatsheets

Web Vulnerability's: Introduction and SQL Injection

This week we have two topics

A Recap of Web Fundamentals
A Closer look at Injection based attacks

Recap Materials

You should know all of the web fundamentals stuff. So shouldn't need to concentrate too much on it. However, I have added it for reference.

The Web Trainer

For the next set of tasks I have setup a docker container that has examples. You can find the docker compose file

Web Trainer

Instructions for the Trainer

Make sure you have docker installed
Install docker-compose
```
$sudo pip3 install docker-compose
```
Download the docker compose file
Run the compose file with
```
$sudo docker-compose up
```
There will now be a website running on your machine at 172.18.0.1

Using WSL

If you are using WSL the address will be the address of your WSL container. You can find this with ip addr