Who is OWASP?
→ Open Web Application Security Project
→ It's a non-profit foundation dedicated to improving the security of software. @owasp operates on an open community model, where anyone can participate in and contribute to projects, events, online chats, and more.
What is the OWASP Top 10?
→ The OWASP Top 10 is an online document on OWASP's website that provides a ranking of, and remediation guidance for, the ten most critical web application security risks.
Comprehensive Thread on Web App Fuzzing!
What is web fuzzing?
How can web fuzzing be super useful in Bug Bounties or Pentest?
FFUF for Web Fuzzing?
Fuzzing is generally a way of finding bugs and issues through automated testing: supply unexpected data to an application, then monitor it for exceptions, errors, and stack traces.
The idea is to supply superfluous or malformed data to trigger exceptions and see whether any of them could lead to a real issue.
Fuzzing has been around for many years and has been done in different ways.
The term "fuzz" originated from a fall 1988 class project in the graduate Advanced Operating Systems class (CS736), taught by Prof. Barton Miller at the University of Wisconsin.
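As an added example (not part of the thread, and not FFUF's own code), the loop described above in miniature: a constructed, deliberately naive query-string handler is fed unexpected values one parameter at a time, every crash is recorded with its stack trace, and the same fuzzer is then run against a validated version of the handler to confirm the crashes are gone.

```python
import traceback
from urllib.parse import parse_qs, urlencode

# Constructed target: a naive handler for GET /search?limit=N&q=term.
def handle_search(query_string):
    params = parse_qs(query_string, keep_blank_values=True)
    limit = int(params.get("limit", ["10"])[0])  # crashes on non-numeric input
    q = params["q"][0]                            # crashes when q is absent
    return {"q": q, "rows": list(range(max(0, min(limit, 5))))}

# Same handler with input validation: unexpected input gets a clean error, not a crash.
def handle_search_fixed(query_string):
    params = parse_qs(query_string, keep_blank_values=True)
    try:
        limit = int(params.get("limit", ["10"])[0])
    except ValueError:
        return {"error": "limit must be an integer"}
    if not 1 <= limit <= 100:
        return {"error": "limit must be between 1 and 100"}
    q = params.get("q", [""])[0]
    if not q or len(q) > 200:
        return {"error": "q is required and must be at most 200 characters"}
    return {"q": q, "rows": list(range(min(limit, 5)))}

MISSING = "<missing>"  # sentinel meaning "drop this parameter entirely"
# Unexpected values the fuzzer substitutes for each expected parameter (constructed).
MUTATIONS = ["", "0", "-1", "abc", "9" * 40, "\x00", "'", "<script>", "A" * 5000, MISSING]

def fuzz(target, baseline):
    """Replace one parameter at a time with each mutation; record every exception raised."""
    findings = []
    for param in baseline:
        for value in MUTATIONS:
            params = dict(baseline)
            if value == MISSING:
                del params[param]
            else:
                params[param] = value
            try:
                target(urlencode(params))
            except Exception as exc:  # the crash itself is the finding, so catch everything
                findings.append({"param": param, "value": value,
                                 "exception": type(exc).__name__,
                                 "trace": traceback.format_exc()})
    return findings

if __name__ == "__main__":
    for f in fuzz(handle_search, {"limit": "10", "q": "test"}):
        print(f"{f['param']}={f['value']!r:.20} -> {f['exception']}")
    print("fixed handler findings:", fuzz(handle_search_fixed, {"limit": "10", "q": "test"}))
```

Against a live target the same loop would send each mutated query over HTTP and treat 5xx responses or stack traces in the body as the signal instead of a caught exception.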
3. CSRF vs SSRF
4. What can an attacker do with XSS?
5. Requirements for CSRF to happen
6. Root cause of Clickjacking
7. What is the difference between SAST and DAST?
8. Black/White/Grey Box Testing
9. What is a threat, a vulnerability, a risk?
10. What is the CIA Triad?
11. What are cookie attributes?
12. What are the most common business logic issues?
13. Questions on Burp Suite tabs
14. What are your favourite open source tools?
15. How will you protect against ransomware?
16. What is an XXE attack? Explain any payload.
17. SSRF and what can be achieved with it?
18. How can we fix SQLi? #infosec