How to Fail at Web Application Security
Application security is a gigantic, hairy, multi-faceted problem to tackle. Ask any developer if they care about security and the answer will almost certainly be "yes". Asking that same developer what tools and processes need to be in place to ensure their production code stays secure... you will almost certainly be left with an answer that doesn't increase your confidence. Let's take a look at four examples from HackTheBox where developers have failed to secure their web applications. We'll use tools like nmap and Burp Suite to quickly hack our way into these boxes and gain a foothold on the server. As we discover vulnerabilities, we'll discuss approaches to preventing them from getting into production in the first place.