I created a "hackable" web app for a presentation I gave about web app security. Now you can try it out yourself.
Published: Tue, December 19, 2017, 23:10
Updated: Mon, April 13, 2020, 11:00
Category: Security
Tag: Challenge
Try to "hack" https://ra.gl/ [link broken]. You can see the rules and goal on that site.
I give a few talks every year. In the last few years I've mostly talked about different mobile development topics, but because of this blog I have recently had the opportunity to talk about web application security.
Last week I gave a talk at Google Developer Group Bergen, Norway. The talk was about hacking web apps.
After the talk itself we had a session with some hands-on "hacking" of a web app. For this I had created a web site that had intentional "security vulnerabilities".
The goal of the assignment is simple: Just log in on the administrator page at ra.gl [link broken] and get hold of your unique keyword that proves your accomplishment.
I have some rules so that the site isn't ruined completely. It is after all hosted in a shared hosting environment and I don't want anyone else harmed.
You don't really need anything other than your browser's development tools. Personally I like to frequently use its "Copy as cURL" menu option and tweak the HTTP requests in a simple text editor.
The security vulnerabilities are the typical ones that I have found and presented on my blog. If you have read some of those posts you might have some clues on what they could be.
It isn't a very hard task to break in. But that is actually part of the point. There are so many weaknesses in so many web apps today. With some knowledge and open eyes you can get far. If you are able to hit gold all the way you can solve it within a few minutes, but most people seem to need more time.
I hope you enjoy this small assignment! Don't hesitate to give me feedback or to tell me if you have any ideas for improvements or other cool stuff that should be included. :-)