Skip to content

Commit

Permalink
task: Add first session information
Browse files Browse the repository at this point in the history
Add first session information

Signed-off-by: Gabriel Mocanu <[email protected]>
  • Loading branch information
gabrielmocanu committed Jun 24, 2024
1 parent 06f979f commit 567569a
Show file tree
Hide file tree
Showing 39 changed files with 236 additions and 101 deletions.
1 change: 1 addition & 0 deletions chapters/web-application-security/overview/README.md
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
# Web Application Security

Large diffs are not rendered by default.

Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
include ../../../../common/makefile/slides.mk
10 changes: 10 additions & 0 deletions chapters/web-application-security/web-basics/slides/slides.mdpp
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
---
title: "Web Basics"
revealOptions:
background-color: 'aquamarine'
transition: 'none'
slideNumber: true
autoAnimateDuration: 0.0
---

!INCLUDE "web-basics.md"
131 changes: 131 additions & 0 deletions chapters/web-application-security/web-basics/slides/web-basics.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,131 @@
# Web Basics

Security Summer School

---

## Motivation

- Wide variety of Web applications
- Complexity of the Web applications
- Ubiquitous

---

## Web

- Web vs Internet
- Popularity
- Attack surface

---

## Stateless

HTTP

Simple

Without session

---

## Stateful

FTP

Session

---

## Security against Whom ?

- Neighbors that sniff your Wi-Fi
- Script kiddies that try to bruteforce your website login
- Nation state actors that have exploits to undisclosed vulnerabilities in software you use

---

## Why ?

- Financial gain
- Internet crime
- Cyber warfare
- Data breaches

---

## Status of Web Application Security

- Web application security is not mature field
- The entry level to web development is low
- New exploits and exploitation methods are frequently published
- Security does not directly add revenue. In many cases, it is viewed as an extra cost
- Complexity, various sources, public APIs

---

## Good to know

- CVE
- 0-day Vulnerability
- CWE

---

## Static Web Sites

fast

simple

---

## Dynamic Web Sites

customizable

complex

---

## Roots of Web Application insecurity

- Non-validated user input
- Programmers mistakes

---

## Web Application Framework

- Collection of pieces of software
- Ease of development
- Common solutions for wide variety of tasks

---

## Links

[OWASP Top 10](https://owasp.org/www-project-top-ten/)

- Broken Access Control
- Cryptographic Failures
- Injection
- Insecure Design
- Security Misconfiguration

---

## Types of vulnerabilities on web

- Browser vulnerabilities
- Server vulnerabilities
- Web application vulnerabilities

---

## Browser

- Software that displays pages and files on the web
- Interpret and display HTML Web pages, applications, JavaScript, CSS
- Plugins which extend the capabilities
62 changes: 31 additions & 31 deletions config.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -13,18 +13,18 @@ make_assets:
command: make
locations:
- chapters/web-application-security/web-basics/slides
- chapters/web-application-security/cookies-and-session-management/slides
- chapters/web-application-security/sql-injection/slides
- chapters/web-application-security/cross-site-scripting/slides
- chapters/web-application-security/exotic-attacks/slides
- chapters/web-application-security/overview/slides
- chapters/system-and-data-security/framework-api-vulnerabilities/slides
- chapters/system-and-data-security/privilege-escalation/slides
- chapters/system-and-data-security/end-to-end-attack/slides
- chapters/system-and-data-security/overview/slides
- chapters/network-and-communication-security/enumeration-and-recon/slides
- chapters/network-and-communication-security/securring-cummunication/slides
- chapters/network-and-communication-security/overview/slides
# - chapters/web-application-security/cookies-and-session-management/slides
# - chapters/web-application-security/sql-injection/slides
# - chapters/web-application-security/cross-site-scripting/slides
# - chapters/web-application-security/exotic-attacks/slides
# - chapters/web-application-security/overview/slides
# - chapters/system-and-data-security/framework-api-vulnerabilities/slides
# - chapters/system-and-data-security/privilege-escalation/slides
# - chapters/system-and-data-security/end-to-end-attack/slides
# - chapters/system-and-data-security/overview/slides
# - chapters/network-and-communication-security/enumeration-and-recon/slides
# - chapters/network-and-communication-security/securring-cummunication/slides
# - chapters/network-and-communication-security/overview/slides
args:
- all

Expand All @@ -35,16 +35,16 @@ embed_reveal:
extension: mdx
build:
web-basics: web-basics
cookies-and-session-management: cookies-and-session-management
securring-communication: securring-communication
sql-injection: sql-injection
cross-site-scripting: cross-site-scripting
enumeration-and-recon: enumeration-and-recon
framework-api-vulnerabilities: framework-api-vulnerabilities
exotic-attacks: exotic-attacks
privilege-escalation: privilege-escalation
end-to-end-attack: end-to-end-attack

# cookies-and-session-management: cookies-and-session-management
# securring-communication: securring-communication
# sql-injection: sql-injection
# cross-site-scripting: cross-site-scripting
# enumeration-and-recon: enumeration-and-recon
# framework-api-vulnerabilities: framework-api-vulnerabilities
# exotic-attacks: exotic-attacks
# privilege-escalation: privilege-escalation
# end-to-end-attack: end-to-end-attack
#
docusaurus:
plugin: docusaurus
options:
Expand All @@ -63,17 +63,17 @@ docusaurus:

static_assets:
- web-basics: /build/make_assets/chapters/web-application-security/web-basics/slides/_site
- cookies-and-session-management: /build/make_assets/chapters/web-application-security/cookies-and-session-management/slides/_site
- sql-injection: /build/make_assets/chapters/web-application-security/sql-injection/slides/_site
- cross-site-scripting: /build/make_assets/chapters/web-application-security/cross-site-scripting/slides/_site
- exotic-attacks: /build/make_assets/chapters/web-application-security/exotic-attacks/slides/_site
# - cookies-and-session-management: /build/make_assets/chapters/web-application-security/cookies-and-session-management/slides/_site
# - sql-injection: /build/make_assets/chapters/web-application-security/sql-injection/slides/_site
# - cross-site-scripting: /build/make_assets/chapters/web-application-security/cross-site-scripting/slides/_site
# - exotic-attacks: /build/make_assets/chapters/web-application-security/exotic-attacks/slides/_site

- framework-api-vulnerabilities: /build/make_assets/chapters/system-and-data-security/framework-api-vulnerabilities/slides/_site
- privilege-escalation: /build/make_assets/chapters/system-and-data-security/privilege-escalation/slides/_site
- end-to-end-attack: /build/make_assets/chapters/system-and-data-security/end-to-end-attack/slides/_site
# - framework-api-vulnerabilities: /build/make_assets/chapters/system-and-data-security/framework-api-vulnerabilities/slides/_site
# - privilege-escalation: /build/make_assets/chapters/system-and-data-security/privilege-escalation/slides/_site
# - end-to-end-attack: /build/make_assets/chapters/system-and-data-security/end-to-end-attack/slides/_site

- enumeration-and-recon: /build/make_assets/chapters/network-and-communication-security/enumeration-and-recon/slides/_site
- securring-cummunication: /build/make_assets/chapters/network-and-communication-security/securring-cummunication/slides/_site
# - enumeration-and-recon: /build/make_assets/chapters/network-and-communication-security/enumeration-and-recon/slides/_site
# - securring-cummunication: /build/make_assets/chapters/network-and-communication-security/securring-cummunication/slides/_site
config_meta:
title: Web Security
url: http://localhost/
Expand Down

0 comments on commit 567569a

Please sign in to comment.