Tag archive: wh0swh0s

bWAPP: learning IT security with an app

Today we want to talk about bWAPP, an insecure web application built for educational purposes and created by Malik Mesellem (@MME_IT).

There are more applications of this type, but we discovered this one during our stay in Belgium last week and found it interesting.

What is bWAPP?

bWAPP is an insecure open-source web application designed to help students, developers and anyone interested in IT security improve their skills in discovering and preventing web vulnerabilities.

This app has more than 70 vulnerabilities such as SQL injection, Cross-Site Scripting (XSS) or Denial of Service (DoS).

We can install this app in two different ways:

  • We can download the bWAPP application and then install it on our own server (Apache/IIS) or in XAMPP or WAMP.
  • Alternatively, we can download ‘bee-box’, a virtual machine with bWAPP already installed. It takes up 7.3 Gb.

Once installed, it is time to play… here we have two examples of exploiting vulnerabilities:

XSS – Reflected:

1. We choose the vulnerability we want to exploit, in this case ‘Cross-Site Scripting – Reflected (GET)’:

2. We write '<script>alert("XSS")</script>' in ‘First name’:

3. Result:


SQL Injection:

1. Insert characters: in this case a single inverted comma is enough:

2. We receive the information from the database:
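
Both demos above (the reflected XSS and the single inverted comma), seen from the code side with the weak handler next to a corrected one. This is an added example, not bWAPP's code and not part of the original post; the function names and the sample table are assumptions made for illustration.

```python
import html
import sqlite3

XSS_INPUT = '<script>alert("XSS")</script>'  # value typed in 'First name' above
SQLI_INPUT = "'"                              # the single inverted comma

def greet_vulnerable(first_name):
    # Input is reflected into the HTML response unchanged.
    return "<p>Welcome " + first_name + "</p>"

def greet_fixed(first_name):
    # Output encoding: markup characters become entities and render as text.
    return "<p>Welcome " + html.escape(first_name, quote=True) + "</p>"

def make_db():
    # Constructed sample table (hypothetical, not bWAPP's schema).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE movies (title TEXT)")
    db.executemany("INSERT INTO movies VALUES (?)",
                   [("Iron Man",), ("Man of Steel",)])
    return db

def search_vulnerable(db, term):
    # Input is concatenated into the SQL text, so a quote changes the query.
    sql = "SELECT title FROM movies WHERE title LIKE '%" + term + "%'"
    try:
        return [row[0] for row in db.execute(sql)]
    except sqlite3.Error as exc:
        # Echoing the driver error back to the user leaks database details.
        return "Error: " + str(exc)

def search_fixed(db, term):
    # Parameterized query: the input is bound as data, never parsed as SQL.
    sql = "SELECT title FROM movies WHERE title LIKE ?"
    return [row[0] for row in db.execute(sql, ("%" + term + "%",))]

if __name__ == "__main__":
    db = make_db()
    print(greet_vulnerable(XSS_INPUT))
    print(greet_fixed(XSS_INPUT))
    print(search_vulnerable(db, SQLI_INPUT))
    print(search_fixed(db, SQLI_INPUT))
    print(search_fixed(db, "man"))
```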

You can find all the information about this app, together with the download and the explanation, at the following link:

http://itsecgames.com/

Here are some other applications where you can learn hacking techniques without getting into trouble:

  • Gruyere, a project from Google. You can find more information about it at @fluproject.
  • WebGoat, an OWASP project.
  • Hack.me, an eLearnSecurity project that gives you access to several vulnerable web applications to learn and improve pentesting techniques.

Time to enjoy playing and learning!

Translated by Cristina Serrano (@parole_errante)

Destination… Ghent

24th March:

Today is the day!

This afternoon we are heading to Belgium! Our destination? Ghent, a city that brings back very special memories of our Erasmus grant there.


The purpose of this trip is to collaborate as speakers in the “International Week 2014”. This event is organized by the University College Ghent and hosts professionals from different sectors who present current topics to the university students.

We were going to take part in two different presentations, but in the end the organisation has decided to combine them into a single presentation. We are going to talk about several topics:

  • Introduction to IT Security
  • Social Engineering
  • Honeypots
  • Demos, where we will show some techniques of social engineering as bait for obtaining information as well as remote access to another computer.

We will keep you informed in upcoming posts.

Translated by: Cristina Serrano