Tryhackme - Web Application Security


In this walkthrough, we will be going through the Web Application Security room from Tryhackme. In this room we will learn about web applications and explore some of their common security issues. So, let’s get started without any delay.

Web Application Security

Task 1 – Introduction

Question 1 – What do you need to access a web application?

Browser

Task 1 - Introduction

Task 2 – Web Application Security Risks

Question 1 – You discovered that the login page allows an unlimited number of login attempts without trying to slow down the user or lock the account. What is the category of this security risk?

Identification and Authentication Failure
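The missing control in this question is a limit on failed logins. As an added example (not part of the room or the original post), the snippet below shows one way to close that gap: a sliding window of recent failures per account and a temporary lockout once the threshold is reached. `LoginGuard`, `DEMO_USERS` and the thresholds are constructed for this demo; a real service would back the state with a shared store and use hashed passwords.

```python
import hmac
from dataclasses import dataclass, field
from typing import Dict, List

MAX_FAILURES = 5        # failures tolerated inside the window before locking
WINDOW_SECONDS = 300    # sliding window used to count failures
LOCKOUT_SECONDS = 900   # how long the account stays locked after the threshold

# Constructed credential store for the demo only (plaintext just to keep it short).
DEMO_USERS = {"alice": "correct-horse"}


@dataclass
class AccountState:
    failures: List[float] = field(default_factory=list)  # timestamps of recent failures
    locked_until: float = 0.0                             # epoch seconds; 0 means not locked


class LoginGuard:
    """Tracks failed attempts per username and enforces a temporary lockout."""

    def __init__(self, users: Dict[str, str]):
        self.users = users
        self.state: Dict[str, AccountState] = {}

    def attempt(self, username: str, password: str, now: float) -> str:
        """Return 'ok', 'bad_credentials' or 'locked' for one login attempt at time `now`."""
        st = self.state.setdefault(username, AccountState())

        # A locked account rejects every attempt, even with the right password,
        # so the attacker learns nothing while the lock is in force.
        if now < st.locked_until:
            return "locked"

        # Forget failures that have aged out of the sliding window.
        st.failures = [t for t in st.failures if now - t < WINDOW_SECONDS]

        stored = self.users.get(username, "")
        # Constant-time comparison; unknown users fall through to the failure path
        # so the response does not reveal whether the account exists.
        if stored and hmac.compare_digest(stored, password):
            st.failures.clear()
            return "ok"

        st.failures.append(now)
        if len(st.failures) >= MAX_FAILURES:
            st.locked_until = now + LOCKOUT_SECONDS
            st.failures.clear()
            return "locked"
        return "bad_credentials"


def demo_sequence() -> List[str]:
    """Five wrong guesses one second apart, then a correct one: the fifth locks the account."""
    guard = LoginGuard(DEMO_USERS)
    results = [guard.attempt("alice", "wrong", t) for t in range(5)]
    results.append(guard.attempt("alice", "correct-horse", 5))
    return results


if __name__ == "__main__":
    print(demo_sequence())
```

Slowing the attacker down (a delay that grows with each failure) is a gentler alternative to a hard lock and avoids letting an attacker lock legitimate users out on purpose; the room's answer category covers both approaches.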

Question 2 – You noticed that the username and password are sent in cleartext without encryption. What is the category of this security risk?

Cryptographic Failure

Task 2 - Web Application Security Risks

Task 3 – Practical Example of Web Application Security

Question 1 – Check the other users to discover which user account was used to make the malicious changes and revert them. After reverting the changes, what is the flag that you have received?

Inventory Management System Orders

Inventory Management System Builds

Warehouse Supervisor

Database Administrator

Flag

THM{IDOR_EXPLORED}

Task 3 - Practical Example of Web Application Security
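The practical task exploits an Insecure Direct Object Reference: the application trusts a user id supplied by the client and never checks that the logged-in user may touch that object. As an added example (not the room's code), the snippet below models that bug and its fix side by side. The users, roles and profiles are constructed sample data; the point is the authorisation check in the hardened handler, which compares the object's owner with the session's identity rather than with anything the client sends.

```python
from dataclasses import dataclass
from typing import Dict


@dataclass
class User:
    user_id: int
    username: str
    role: str  # "user" or "admin" in this constructed model


@dataclass
class Profile:
    user_id: int
    email: str


# Constructed sample data standing in for the room's inventory-management users.
USERS: Dict[int, User] = {
    1: User(1, "warehouse_supervisor", "user"),
    2: User(2, "db_admin", "admin"),
    3: User(3, "clerk", "user"),
}
PROFILES: Dict[int, Profile] = {
    1: Profile(1, "supervisor@example.invalid"),
    2: Profile(2, "dba@example.invalid"),
    3: Profile(3, "clerk@example.invalid"),
}


def get_profile_vulnerable(session_user_id: int, requested_id: int) -> Profile:
    """IDOR: the id in the request is used directly; any authenticated user
    can read (and, with a matching update handler, modify) any profile."""
    return PROFILES[requested_id]


def update_email_vulnerable(session_user_id: int, requested_id: int, new_email: str) -> Profile:
    """Same flaw on the write path: this is how another account's data gets changed."""
    PROFILES[requested_id].email = new_email
    return PROFILES[requested_id]


def _authorise(session_user_id: int, requested_id: int) -> None:
    """Allow access only to the object's owner or to an admin; the session id
    comes from server-side session state, never from the request."""
    requester = USERS[session_user_id]
    if requester.role != "admin" and requester.user_id != requested_id:
        raise PermissionError("user %d may not access profile %d" % (session_user_id, requested_id))


def get_profile_hardened(session_user_id: int, requested_id: int) -> Profile:
    _authorise(session_user_id, requested_id)
    return PROFILES[requested_id]


def update_email_hardened(session_user_id: int, requested_id: int, new_email: str) -> Profile:
    _authorise(session_user_id, requested_id)
    PROFILES[requested_id].email = new_email
    return PROFILES[requested_id]


def demo() -> Dict[str, str]:
    """Show the difference for the clerk (id 3) trying to read the DBA's profile (id 2)."""
    leaked = get_profile_vulnerable(3, 2).email
    try:
        get_profile_hardened(3, 2)
        blocked = "not blocked"
    except PermissionError:
        blocked = "blocked"
    return {"vulnerable": leaked, "hardened": blocked}


if __name__ == "__main__":
    print(demo())
```

Two habits follow from the fix: every handler that takes an object id performs the ownership or role check, and every change is written to an audit log with the acting user's identity, which is exactly the trail the task has you follow to find the account that made the malicious edits.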


So that was “Web Application Security” for you. We have learned about the fundamentals of web applications, including databases and application software. Further, we looked into some common web application vulnerabilities: Identification and Authentication Failures, Broken Access Control, Injection and Cryptographic Failures. At last, we solved a practice lab exploiting IDOR to get the flag and completed the room. On that note, I will take your leave and will see you in the next one. Till then, “Hack the Planet”.
