TryHackMe #3 | Web Application Security

Web Application Security

R3DW4N 4HM3D
2 min read · Jun 2, 2024

Status : Easy

Learn about web applications and explore some of their common security issues.

Important Lines:

  1. Programs run on our computers, using our computer’s processing power and storage.
  2. A web application is like a “program” that we can use without installation as long as we have a modern standard web browser.
  3. A server refers to a computer system running continuously to “serve” the clients.
  4. A database is used to store information in an organized way.
  5. Encryption refers to making the data unreadable without knowing the secret key or password.
  6. Insecure Direct Object References (IDOR)

Answers:

Task 01: Introduction

Question no 01: What do you need to access a web application?
Answer: Browser

Task 02: Web Application Security Risks

Question no 01: You discovered that the login page allows an unlimited number of login attempts without trying to slow down the user or lock the account. What is the category of this security risk?
Answer: Identification and Authentication Failure

Question no 02: You noticed that the username and password are sent in cleartext without encryption. What is the category of this security risk?
Answer: Cryptographic Failures

Task 03: Practical Example of Web Application Security

Question no 01: Check the other users to discover which user account was used to make the malicious changes and revert them. After reverting the changes, what is the flag that you have received?
Answer: THM{IDOR_EXPLORED}
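The IDOR behind Task 03, shown as an added example that is not part of the room or this writeup: a tiny in-memory profile store with an update handler that trusts the client-supplied id (the bug) beside one that checks the record owner against the server-side session and keeps an audit trail, which is what lets you find the account that made a change and revert it. All users, ids and data here are constructed for the example.

```python
# Added example (not code from the TryHackMe room or the author).
# Users, ids and bios below are constructed sample data.
from dataclasses import dataclass, field


@dataclass
class Profile:
    user_id: int
    owner: str
    bio: str


@dataclass
class Store:
    profiles: dict = field(default_factory=dict)
    audit: list = field(default_factory=list)  # who touched which record


def make_store() -> Store:
    """Build a small store with three users, each owning one profile."""
    store = Store()
    for uid, owner, bio in [(1, "alice", "hello"), (2, "bob", "hi"), (3, "carol", "yo")]:
        store.profiles[uid] = Profile(uid, owner, bio)
    return store


def update_bio_idor(store: Store, session_user: str, target_id: int, new_bio: str) -> bool:
    """Vulnerable form: the id comes from the request and ownership is never checked,
    so any logged-in user can modify any other user's profile (IDOR)."""
    store.profiles[target_id].bio = new_bio
    return True


def update_bio_fixed(store: Store, session_user: str, target_id: int, new_bio: str) -> bool:
    """Fixed form: authorize against the server-side session identity, never the
    client-supplied id alone, and record every attempt for later investigation."""
    profile = store.profiles.get(target_id)
    if profile is None or profile.owner != session_user:
        store.audit.append(f"DENIED user={session_user} target={target_id}")
        return False
    profile.bio = new_bio
    store.audit.append(f"OK user={session_user} target={target_id}")
    return True
```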

{ First try it yourself }
