Category: Hacking

  • TryHackMe: IDOR

    Insecure Direct Object References are what we are trying next, and these are the things that I actually have tried myself before when I was a kid and idly spending time on the net. When you see your customer number up in the URL and you try changing it and reloading it to see if…

  • TryHackMe: John the Ripper

    This was a fun room to complete, focussing on the password cracking tool John the Ripper. Definitely one of my favourite ones so far, getting password hashes and running them through the cracker in order to find out what the password was. Most of the activities in this one were just following the instructions and…

  • TryHackMe: Upload Vulnerabilities

    What a crazy time I had in this room. It talks about vulnerabilities in upload forms that websites may use to allow users to upload files and things to the website. The first couple of tasks were rather easy – using the same file name to overwrite files already on the server, i.e. finding a…

  • TryHackMe: OWASP Juice Shop

    The next room in my learning path was the OWASP (Open Web Application Security Project) Juice Shop. This is a fake vulnerable website for a juice shop set up to allow you to use various exploits and attacks. The first task has you browsing the website trying to gain knowledge from the posts that are…