From the course: DevSecOps: Automated Security Testing
Web application security quick tour
- [Narrator] Make sure Gruyere is up and running by typing make Gruyere start. Now let's head over to localhost:8008 in a browser. When we are at the main page for Gruyere, the first thing I notice is that there is a user sign-in and a sign-up action. The first thing we can do is head over and create an account. I'm clicking on sign up and using test for the username and test for the password. Alright, my account's created. Now this gets me logged in. When I go back to the home page, I notice there are some new items in my menu: My Snippets, New Snippets, Upload. Hmm, those all look very promising. I also see my username oddly reflected back to me in kind of a weird way. It might be worth looking into later. But uploading files sounds like a good place for command execution or directory traversal. And that whole adding Snippets or New Snippets thing looks like a good place to take some user input, maybe where data won't get validated. Well, why don't we just go ahead and…
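The narrator flags the username being "oddly reflected" as something to look into later. As an added example (not code from the course or from Gruyere), here is a small, offline check that turns that observation into an automated test in the spirit of the course: register a canary username containing characters that must be HTML-escaped, then classify how the returned page reflects it. The canary value, the function names and the three sample HTML bodies are all constructed for illustration; in a real run the body would be the response from localhost:8008 after signing in. An "unescaped" result is a finding to investigate in its surrounding HTML context, not proof of an exploitable bug.

```python
import html

# Hypothetical canary to register as the username. It contains characters
# that a safe renderer must escape when placing user data inside HTML.
CANARY = 'test<"zz"'

# Constructed sample response bodies standing in for the Gruyere home page.
# They are not captured from the real application.
SAMPLE_PAGES = {
    "escaped":   '<div id="user">Logged in as test&lt;&quot;zz&quot;</div>',
    "unescaped": '<div id="user">Logged in as test<"zz"</div>',
    "absent":    '<div id="user">Logged in as someone-else</div>',
}


def classify_reflection(body: str, canary: str = CANARY) -> str:
    """Classify how a response body reflects the canary.

    Returns one of:
      'unescaped' - the raw canary appears verbatim (worth a closer look),
      'escaped'   - only an HTML-escaped form of the canary appears,
      'absent'    - the canary does not appear at all.
    """
    if canary in body:
        return "unescaped"
    # Accept either full escaping (quotes included) or tag-only escaping.
    escaped_forms = (html.escape(canary, quote=True),
                     html.escape(canary, quote=False))
    if any(form in body for form in escaped_forms):
        return "escaped"
    return "absent"


def reflection_snippets(body: str, canary: str = CANARY, width: int = 20) -> list:
    """Return short windows of surrounding markup for each raw reflection,
    so a reviewer can see the HTML context (text node, attribute, script)."""
    snippets = []
    start = body.find(canary)
    while start != -1:
        lo = max(0, start - width)
        hi = min(len(body), start + len(canary) + width)
        snippets.append(body[lo:hi])
        start = body.find(canary, start + 1)
    return snippets


def scan_samples() -> dict:
    """Run the classifier over the constructed sample pages."""
    return {name: classify_reflection(page) for name, page in SAMPLE_PAGES.items()}


if __name__ == "__main__":
    for name, verdict in scan_samples().items():
        print(f"{name:10s} -> {verdict}")
    for snippet in reflection_snippets(SAMPLE_PAGES["unescaped"]):
        print("context:", snippet)
```

In a CI pipeline the same function would run against the live response body after an automated sign-up with the canary username; a result of "unescaped" should fail the build or open a ticket for manual review of the exact rendering context.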