Securing Web Apps

with Sam Bowne, Elizabeth Biddlecome,
Irvin Lemus and Kaitlyn Handelman


Web Apps

H 110a: Linux Journey  83
ED 102: Command Injection  60
ED 103: SQLI Challenges  185
W 600: Burp & Web Security Academy  20
Recommended topics:
  • Directory Traversal
  • OS command injection
  • Authentication
  • SQL injection
  • Cross-site scripting
  • Access control vulnerabilities
  • Information disclosure


Hacking APIs

AP 100: Finding API Endpoints  20
AP 101: Using Postman with Burp  20
AP 102: Cracking a Java Web Token Signature  20
AP 103: Fuzzing with Postman  20
AP 104: Broken Object-Level Access (BOLA)  10
AP 105: Broken Function-Level Access (BFLA)  10
AP 106: NoSQL Injection  10
AP 110: Installing crAPI  15
AP 120: Vulnerable API  20
AP 121: Using OWASP ZAP to Scan Vulnerable API  25

Networking

H 410: Nmap  40
H 420: Wireshark  110
W 200: Google Cloud Linux Servers  15
ED 30: Linux Virtual Machine  15
H 240: Wireguard VPN  15

Basic Defenses

W 10: Configuring an HTTPS Server  15
W 20: reCAPTCHA  15
W 30: CanaryTokens  5


References

Living Off The Land Binaries and Scripts

Whole Class with Videos

SOME USEFUL APPLICATION SECURITY RESOURCES

OWASP Top 10 TryHackMe

OWASP Juice Shop

Scores 7-25-2020 Before HOPE

Final Scores for WASTC FDW, June 22, 2021

Scores archived Aug 12, 2022