cwong-scw / action-playground


Add feature 2 #36

Closed cwong-scw closed 3 years ago

cwong-scw commented 3 years ago

sqli

temp-scw-app[bot] commented 3 years ago

Micro-Learning Topic: SQL injection (Detected by phrase)

Matched on "sqli"

What is this? (2min video)

This is probably one of the two most exploited vulnerabilities in web applications and has led to a number of high profile company breaches. It occurs when an application fails to sanitize or validate input before using it to dynamically construct a statement. An attacker that exploits this vulnerability will be able to gain access to the underlying database and view or modify data without permission.

Try this challenge in Secure Code Warrior

cwong-scw commented 3 years ago

should not post sqli again

cwong-scw commented 3 years ago

should not post xss

cwong-scw commented 3 years ago

should not post ssrf

cwong-scw commented 3 years ago

should post csrf

temp-scw-app[bot] commented 3 years ago

Micro-Learning Topic: Cross-site request forgery (Detected by phrase)

Matched on "csrf"

What is this? (2min video)

Session-related but not session-based, this attack is based on the ability of an attacker to force an action on a user’s browser (commonly in the form of a POST request) to perform an unauthorized action on behalf of the user. This can often occur without the user even noticing it… or only noticing when it is too late. The root cause is that browsers automatically send session cookies with all requests to a given domain, regardless of where the source of the request came from, and the application server cannot differentiate between a request that came from pages it served or a request that came from an unrelated page.

Try this challenge in Secure Code Warrior
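The bot's description gives the root cause: the browser attaches the session cookie to every request for the domain, so the cookie alone proves nothing about where the request originated. The following is an added example, not code from the action-playground repository or from Secure Code Warrior, showing the two standard server-side checks that restore that distinction: an Origin/Referer check and a per-session synchronizer token. The request structure, the `SERVER_KEY` and the origins are constructed assumptions for the demonstration.

```python
import hashlib
import hmac
import secrets

# Per-deployment secret used to bind tokens to sessions (constructed here).
SERVER_KEY = secrets.token_bytes(32)

SAFE_METHODS = ("GET", "HEAD", "OPTIONS")


def issue_csrf_token(session_id: str) -> str:
    """Mint a token tied to one session; embed it in the forms the app serves."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def _origin_matches(headers: dict, app_origin: str) -> bool:
    # Browsers set Origin (or at least Referer) on cross-site POSTs; a request
    # carrying neither, or one from another site, is not from our own pages.
    value = headers.get("Origin") or headers.get("Referer")
    if value is None:
        return False
    return value == app_origin or value.startswith(app_origin + "/")


def is_request_allowed(request: dict, session_id: str, app_origin: str) -> bool:
    """Allow a state-changing request only with proof it came from our pages.

    `request` is a constructed dict with keys "method", "headers" and "form";
    `session_id` is the value the server recovered from the session cookie.
    """
    if request["method"] in SAFE_METHODS:
        return True  # safe methods must not change state in the first place
    if not _origin_matches(request["headers"], app_origin):
        return False
    submitted = request["form"].get("csrf_token", "")
    expected = issue_csrf_token(session_id)
    # Constant-time comparison so the check does not leak the token byte by byte.
    return hmac.compare_digest(submitted, expected)


def demo():
    """Constructed traffic: one legitimate POST, two forged ones, one cross-session replay."""
    app = "https://app.example"
    sid = "sess-123"
    token = issue_csrf_token(sid)
    legitimate = {"method": "POST",
                  "headers": {"Origin": app},
                  "form": {"csrf_token": token, "amount": "10"}}
    # Forged from another site: cookie is sent automatically, but no token.
    forged_cross_site = {"method": "POST",
                         "headers": {"Origin": "https://evil.example"},
                         "form": {"amount": "10"}}
    # Forged with headers stripped entirely.
    forged_no_origin = {"method": "POST", "headers": {}, "form": {"amount": "10"}}
    # Token minted for a different session, replayed against this one.
    replayed = {"method": "POST",
                "headers": {"Origin": app},
                "form": {"csrf_token": issue_csrf_token("sess-999")}}
    return {
        "legitimate": is_request_allowed(legitimate, sid, app),
        "forged_cross_site": is_request_allowed(forged_cross_site, sid, app),
        "forged_no_origin": is_request_allowed(forged_no_origin, sid, app),
        "replayed_other_session": is_request_allowed(replayed, sid, app),
    }


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name}: {'allowed' if allowed else 'rejected'}")
```

Only the request that both originates from the application's own origin and carries the token for the current session passes. Web frameworks ship this as middleware (Django's `CsrfViewMiddleware`, Rails' `protect_from_forgery`), and `SameSite` cookie attributes add a browser-side layer, but the server-side token check remains the control to verify in review.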