Vulnerabilities

Kinds

  • Database Injection
      • Use an ORM to prevent it (an ORM parameterizes queries instead of concatenating user input into SQL)
  • Broken Authentication
      • ...
  • Cross Site Scripting (XSS)
      • Run JS code in a different user's browser
      • Save a script in a web application's database so it is served to other users
      • Prevented with server-side validation
  • Credentials Leakage
      • Secret keys exposed
      • Revoke the exposed key to fix the problem
      • Principle of least privilege keeps a single leaked key from enabling a big attack
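The two defects listed above, side by side with their fixes, as an added example (not part of the original notes): a tiny comment store in an in-memory SQLite table. The first pair shows a query built by string concatenation next to a parameterized one (what an ORM does for you under the hood); the second pair shows a script stored in the database rendered as-is versus escaped on output, which is the output-side complement to the server-side validation the notes mention. The table, its rows and the tampered lookup value are all constructed here.

```python
# Added example, not from the original notes. Standard library only.
import html
import sqlite3


def make_db() -> sqlite3.Connection:
    """Create an in-memory comments table with two constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE comments (author TEXT, body TEXT)")
    conn.executemany(
        "INSERT INTO comments VALUES (?, ?)",
        [
            ("alice", "Nice post!"),
            # Constructed stored-XSS row: a script saved in the database.
            ("mallory", "<script>alert(document.cookie)</script>"),
        ],
    )
    return conn


# --- Database injection -----------------------------------------------------

def comments_by_author_vulnerable(conn: sqlite3.Connection, author: str) -> list:
    """Vulnerable: untrusted input is pasted into the SQL text itself."""
    sql = "SELECT author, body FROM comments WHERE author = '" + author + "'"
    return conn.execute(sql).fetchall()


def comments_by_author_safe(conn: sqlite3.Connection, author: str) -> list:
    """Fixed: the value travels as a bound parameter, never as SQL syntax."""
    sql = "SELECT author, body FROM comments WHERE author = ?"
    return conn.execute(sql, (author,)).fetchall()


# --- Stored XSS ---------------------------------------------------------------

def render_comment_vulnerable(author: str, body: str) -> str:
    """Vulnerable: the stored body is written straight into the HTML."""
    return f"<li><b>{author}</b>: {body}</li>"


def render_comment_safe(author: str, body: str) -> str:
    """Fixed: escape on output so '<script>' is shown as text, not executed."""
    return f"<li><b>{html.escape(author)}</b>: {html.escape(body)}</li>"


def demo() -> dict:
    """Run both pairs and return the observable difference."""
    conn = make_db()
    # Constructed lookup value that closes the quote and widens the WHERE clause.
    tampered = "nobody' OR '1'='1"
    leaked = comments_by_author_vulnerable(conn, tampered)  # every row comes back
    safe = comments_by_author_safe(conn, tampered)          # no author has that name
    author, body = conn.execute(
        "SELECT author, body FROM comments WHERE author = ?", ("mallory",)
    ).fetchone()
    return {
        "rows_leaked": len(leaked),
        "rows_safe": len(safe),
        "vulnerable_html": render_comment_vulnerable(author, body),
        "safe_html": render_comment_safe(author, body),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Running it prints two rows for the concatenated query and none for the parameterized one, and the escaped rendering contains `&lt;script&gt;` where the vulnerable one contains a live `<script>` tag.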

Penetration Testing

  • Test whether vulnerabilities can actually be exploited
  • Burp Suite: a man-in-the-middle proxy that intercepts every request between the browser and the server
  • White hat: you have permission
  • Grey hat: you don't have permission
  • Black hat: sell the data on the dark web

CIA Triad

  • Confidentiality: only authenticated users can access the data
  • Integrity: data is correct (not corrupted or tampered with)
  • Availability: data is accessible whenever it is needed