In this walkthrough, we will be going through the Web Application Security room from TryHackMe. In this room we will learn about web applications and explore some of their common security issues. So, let's get started without any delay.
Task 1 – Introduction
Question 1 – What do you need to access a web application?
Browser
Task 2 – Web Application Security Risks
Question 1 – You discovered that the login page allows an unlimited number of login attempts without trying to slow down the user or lock the account. What is the category of this security risk?
Identification and Authentication Failure
Question 2 – You noticed that the username and password are sent in cleartext without encryption. What is the category of this security risk?
Cryptographic Failure
Task 3 – Practical Example of Web Application Security
Question 1 – Check the other users to discover which user account was used to make the malicious changes and revert them. After reverting the changes, what is the flag that you have received?
THM{IDOR_EXPLORED}
So that was "Web Application Security" for you. We have learned about the fundamentals of web applications, including databases and application software. Further, we looked into some common vulnerabilities in web applications, such as Identification and Authentication Failures, Broken Access Control, Injection and Cryptographic Failures. At last, we solved a practice lab exploiting IDOR to get the flag and completed the room. On that note, I will take my leave and will see you in the next one. Till then, "Hack the Planet".