
NUS Greyhats Orbital Security Workshop

Demo Site (Available during workshop)

Requirements

  1. Python 3
  2. A browser of your choice with inspect element functionality

Quick Start Guide

  1. Clone the repository into your working directory
  2. Run pip install -r requirements.txt to install the dependencies
  3. Change directory to WebServer
  4. Set the FLASK_DEBUG environment variable to 1 if you want debugging (e.g. export FLASK_DEBUG=1 on Linux, or $Env:FLASK_DEBUG = 1 in PowerShell). Debug mode enables the interactive Werkzeug debugger, which lets anyone who can reach the page run code on the host, so only use it on localhost.
  5. Run python3 __main__.py
  6. The web server should now be running; open http://localhost:3000 in your browser and you should see the main page of the site.

Goals of the workshop

Vulnerabilities showcased:

  • SQLI (SQL Injection)
  • CSRF (Cross Site Request Forgery)
  • Stored XSS (Stored Cross Site Scripting)
  • Reflected XSS (Reflected Cross Site Scripting)
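
The three bug classes above, each shown as a vulnerable function next to its hardened form, as an added example that is not the workshop's own code. It uses only the Python standard library so it runs without Flask: the users and comments tables, the sample user, the session dict standing in for a server-side session, and the payloads are all constructed for this example.

```python
"""Added example (not the workshop code): SQLi, XSS and CSRF, vulnerable
versus hardened. Schema, sample user and session handling are assumptions
made for this demonstration, not the demo site's real implementation."""
import hmac
import html
import secrets
import sqlite3


def make_db():
    """Constructed sample database: one user with a known password."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('alice', 'hunter2')")
    db.execute("CREATE TABLE comments (body TEXT)")
    return db


# --- SQL injection --------------------------------------------------------
def login_vulnerable(db, username, password):
    # User input is pasted into the SQL text, so a quote in the input changes
    # the query's structure: password "' OR '1'='1" makes the WHERE clause
    # "... AND password = '' OR '1'='1'", which is true for every row.
    query = (f"SELECT username FROM users WHERE username = '{username}' "
             f"AND password = '{password}'")
    return db.execute(query).fetchone() is not None


def login_safe(db, username, password):
    # Parameterised query: values travel separately from the SQL text, so the
    # same payload is compared literally as a password and never matches.
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return db.execute(query, (username, password)).fetchone() is not None


# --- Stored and reflected XSS ---------------------------------------------
def store_comment(db, body):
    # Storing the raw text is fine; the bug is in how it is rendered later.
    db.execute("INSERT INTO comments VALUES (?)", (body,))


def render_comments_vulnerable(db):
    # Stored XSS: comment bodies go into the HTML unescaped, so a stored
    # <script> tag runs in every visitor's browser.
    rows = db.execute("SELECT body FROM comments")
    return "".join(f"<li>{body}</li>" for (body,) in rows)


def render_comments_safe(db):
    # html.escape turns < > & " ' into entities, so the browser shows the
    # payload as text instead of parsing it as markup.
    rows = db.execute("SELECT body FROM comments")
    return "".join(f"<li>{html.escape(body)}</li>" for (body,) in rows)


def search_vulnerable(query):
    # Reflected XSS: the query string parameter is echoed straight back.
    return f"<p>Results for {query}</p>"


def search_safe(query):
    return f"<p>Results for {html.escape(query)}</p>"


# --- CSRF -----------------------------------------------------------------
def issue_csrf_token(session):
    # A random per-session token is embedded in the form as a hidden field;
    # a cross-site page cannot read it, so a forged POST cannot include it.
    token = secrets.token_hex(16)
    session["csrf_token"] = token
    return token


def check_csrf(session, submitted):
    # Reject missing tokens, and compare in constant time so the check
    # does not leak the token byte by byte through timing.
    expected = session.get("csrf_token")
    if expected is None or submitted is None:
        return False
    return hmac.compare_digest(expected, submitted)


if __name__ == "__main__":
    db = make_db()
    payload = "' OR '1'='1"
    print("vulnerable login bypassed:", login_vulnerable(db, "nobody", payload))
    print("safe login bypassed:     ", login_safe(db, "nobody", payload))
    store_comment(db, "<script>alert(1)</script>")
    print(render_comments_vulnerable(db))
    print(render_comments_safe(db))
    session = {}
    token = issue_csrf_token(session)
    print("genuine form accepted:", check_csrf(session, token))
    print("forged request accepted:", check_csrf(session, None))
```

The CSRF check only holds if the token is tied to the victim's session and the comparison is strict; if the page also has an XSS bug, injected script runs in the victim's origin and can read the hidden token from the form, which is exactly the situation the extra challenge below asks about.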

Objectives for workshop

  • Explain Website Basics
  • Explain CSRF, XSS and SQLi
  • Hands on fake orbital website exploit
  • Other discussions
  • Ads for NUS Greyhats

Link to Workshop Slides: here

Extra challenges

Can you figure out how to pull off the XSS attack with the CSRF token protection in place? (The answer is in one of the useful links below.)

Tech Stack

  1. Flask

Other useful links

XSS

  1. XSS by PortSwigger
  2. XSS by OWASP

CSRF

  1. CSRF by PortSwigger
  2. CSRF by OWASP

SQLi

  1. SQLi by PortSwigger
  2. SQLi by OWASP

XSS With CSRF Token

  1. XSS With CSRF Token

Other Vulnerabilities not covered in this workshop

  1. Local File Inclusion
  2. Template injection

Other Vulnerable Web App

  1. DVWA
  2. OWASP Top 10

Note

Visit our Official Webpage at NUS Greyhats

If you are a student who is interested in helping out with such activities, do contact us here

If you are a speaker who is willing to present at one of our Security Wednesdays sessions, please contact us here