To learn about web vulnerabilities and how to fix them.
- Explained how clients and servers communicate via HTTP.
- Warned about the ethical and legal concerns of knowing how to hack websites.
- Introduced Google Gruyere and OverTheWire's Natas wargames.
How to Run this meeting
- Give the presentation.
- Have the presenter demonstrate simple XSS in the Gruyere app.
  - There's one in the 'homepage' field of the profile. Drop an alert(1) inside script tags, go to 'My Snippets', and click 'My site'.
For this meeting, we described how the web worked through servers and clients. We introduced OWASP’s top 10 vulnerabilities (e.g. cross-site scripting) and warned against unauthorized access to servers. The rest of the time was spent either playing Gruyere, a codelab created by Google that walks through different web vulnerabilities, or OverTheWire’s Natas, which teaches web security through a series of games. Gruyere does an excellent job of naming, explaining, and demonstrating different kinds of web vulnerabilities. It also walks through how to fix them.
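The profile-field XSS demonstrated in the meeting comes down to one rendering mistake: user input written straight into HTML. The snippet below is an added illustration for the fix side of that lesson, not code from Gruyere or from the meeting; the template shape (`render_profile_unsafe` / `render_profile_safe`), the field values and the `contains_script_tag` check are all constructed here. It shows the vulnerable concatenation next to a hardened version that escapes the value for its HTML context and only links homepages with an http(s) scheme, which also neutralises `javascript:` URLs.

```python
import html
from urllib.parse import urlsplit

# Constructed sample values for a profile "homepage" field (not taken from Gruyere).
MALICIOUS_HOMEPAGE = "<script>alert(1)</script>"   # markup injection
JAVASCRIPT_URL = "javascript:alert(1)"             # scheme-based injection
BENIGN_HOMEPAGE = "https://example.com/~alice"

ALLOWED_SCHEMES = ("http", "https")


def render_profile_unsafe(homepage: str) -> str:
    """Vulnerable pattern: the stored field is concatenated into the page
    with no encoding, so any markup it contains becomes live HTML."""
    return '<p>Homepage: <a href="%s">%s</a></p>' % (homepage, homepage)


def render_profile_safe(homepage: str) -> str:
    """Hardened pattern (hypothetical fix, not Gruyere's own):
    1. HTML-escape the value for both text and attribute context.
    2. Only emit an <a href> when the URL uses an allow-listed scheme,
       so a 'javascript:' value is shown as text rather than made clickable."""
    escaped = html.escape(homepage, quote=True)
    scheme = urlsplit(homepage).scheme.lower()
    if scheme in ALLOWED_SCHEMES:
        return '<p>Homepage: <a href="%s">%s</a></p>' % (escaped, escaped)
    return "<p>Homepage: %s</p>" % escaped


def contains_script_tag(rendered: str) -> bool:
    """Crude detection check: does the rendered HTML contain a real <script>
    element? Escaped output turns '<' into '&lt;', so it passes this check."""
    return "<script" in rendered.lower()


if __name__ == "__main__":
    for value in (MALICIOUS_HOMEPAGE, JAVASCRIPT_URL, BENIGN_HOMEPAGE):
        print("unsafe:", render_profile_unsafe(value))
        print("safe:  ", render_profile_safe(value))
        print()
```

Run it as-is to compare the two outputs for each sample value; the escaped version renders the injected payload as visible text instead of executing it, which is the behaviour to point out when walking through the fix after the live demo.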