THM | Web Application Security

Introduction to Cyber Security | Web Application Security | Summary:

This series of walkthroughs aims to help complete beginners finish the Introduction to Cyber Security path on the TryHackMe website. It is based on the learning content provided in the Web Application Security room.


Disclaimer: Please note that this write-up is NOT intended to replace the original room or its content, but rather to serve as supplementary material for those who are stuck and need additional guidance.

Task | 1 | Introduction

Question 1: What do you need to access a web application?

Browser

Task | 2 | Web Application Security Risks

Question 1: You discovered that the login page allows an unlimited number of login attempts without trying to slow down the user or lock the account. What is the category of this security risk?

Identification and Authentication Failure

Question 2: You noticed that the username and password are sent in cleartext without encryption. What is the category of this security risk?

Cryptographic Failures

Task | 3 | Practical Example of Web Application Security

Question 1: Check the other users to discover which user account was used to make the malicious changes and revert them. After reverting the changes, what is the flag that you have received?

<flag>