README.md

FEL KBE – Web Applications Security Lab

SQL Injection

See https://github.com/fel-communication-security/sql-injection

Useful links

• Open Worldwide Application Security Project (OWASP)
• https://www.thecatch.cz/
• https://cognitive-intelligence.github.io/cognitive-web/#/students
• https://www.bleepingcomputer.com/tag/sql-injection/
• https://www.hacksplaining.com/lessons
• https://vm-thijs.ewi.utwente.nl/ctf/sql
• https://github.com/fel-communication-security
• Same-origin policy
  • https://developer.mozilla.org/en-US/docs/Web/Security/Same-origin_policy
• CORS
  • https://jakearchibald.com/2021/cors/
• XSS
  • Reflected XSS
    • not stored on the server
    • it might be part of the URL query param (link)
    • someone sents us the link, we click, the server does not escape the value of the param
  • Persistent XSS
    • script is stored on the server (malicious comment in the DB)
• https://darknetdiaries.com/
• https://google-gruyere.appspot.com/
• https://stackoverflow.com/questions/9098655/how-can-i-add-comments-in-mysql