DBC Wargames!
The Team
Chad - Campbell - Darwin - Guil
Our Mission Statement
DBC teaches its students to write web applications in Ruby on Rails, and security can sometimes be treated as an afterthought. Our team decided to make security our main focus and to illuminate the flaws in some of the web apps we are writing.
This is a compendium of the information we have learned - the common exploits, the security tools we used, and other useful tips from the web security world. It can serve as a point of reference for anyone interested in learning more about this important topic.
DISCLAIMER: Please keep in mind that this repo is for educational purposes only. Make sure that anything you do with this information is legal - get permission before you hack!
Table of Contents
Definitions
The world of Web Security can be a scary place... Let us clear up some of your confusion by defining a few terms!
- Penetration Testing - What is this pentesting thing anyways?
- White Hat vs. Black Hat - Which hat do I wear?
- CVEs and 0-days - Publicly catalogued vulnerabilities (CVEs), and security holes for which no fix is yet available (0-days).
- Bug Bounties - Find exploits for fame and fortune!
- TOR & Deep Web - Quick overview of the Tor Project
Common Exploits
As a software developer, what do I need to know?
- Malware - Malware, virus, worm, etc.
- Social Engineering - Tricking people into breaking normal security procedures
- SQL Injection - SQL Injections can destroy your database.
- Man-in-the-middle Attacks - Intercept the traffic between two parties
- XSS - Injecting malicious client-side scripts into Web pages
- Session hijacking - Attackers steal the session cookies that authenticate a user to a remote server.
- Fuzzing - Fuzzers automatically inject data into a program to detect bugs.
- Phishing - A Nigerian prince wants to give ME money?
- DDoS - Distributed Denial of Service attacks
- Access Point Spoofing - (needs work)
- Keyloggers - Keylogging software reads everything you type.
Security Tools
There are tons of security tools out there. These are just a few that we've spent time researching - there are many, many more.
- Burp - an intercepting (man-in-the-middle) proxy with many modules
- recon-ng - regarded as one of the top tools for open-source reconnaissance
- BeEF - a penetration testing tool that focuses on the web browser
- Brakeman - A static analysis security vulnerability scanner for Ruby on Rails applications
- w3af - an open-source web application security scanner
- Metasploit & Kali Linux - The Hacker's OS
- Browser Extensions - Turn your browser into a hacking machine
Application Development
- HTTPS and SSL - enabling HTTPS in Rails and Sinatra
