This week, Josh will be presenting a basic introduction to web application (and site) security. While not designed to be an all-encompassing presentation, this talk will hopefully provide you with a basic understanding of the most common attacks against web applications, using DVWA (Damn Vulnerable Web App). This talk will use live exploits against intentionally vulnerable targets, so networking setup will be important. There is quite a bit of setup for this talk, so email me at email@example.com if you get confused. I will respond as quickly as I can.
#### For VMware Users:

1. In the menu bar at the top: File > Open
2. Browse to the directory where you unzipped the Metasploitable archive
3. Open
4. Press “Edit virtual machine settings” (right under “Power on this virtual machine”)
5. Go to Network Adapter
6. Set to Host-only

#### For VirtualBox Users (Don’t worry, it’s not that much harder)

#### For both VMware and VirtualBox users (After setting everything up)

1. Start up your virtual machine
2. Log in with username “msfadmin” and password “msfadmin”
3. Run `sudo dhclient && ifconfig`
4. Remember the IP address that isn’t 127.0.0.1; it should be listed under an interface like eth0
5. Go back to your regular computer (Right Control in VirtualBox, Ctrl+Alt in VMware)
6. Check that you can ping Metasploitable (`ping [The IP you previously found]` for Windows, `ping -c5 [The IP you previously found]` for Mac/Linux)
7. Shut down Metasploitable (close out of its window, select “shut down”)
8. Profit. You’re finally finished.
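
A check for steps 3 to 6, as an added example that is not part of the original announcement: it pulls the non-loopback address out of `ifconfig` output and confirms it sits inside the host-only subnet, so the intentionally vulnerable VM is not reachable from the real LAN. The sample output, the function names and the subnet `192.168.56.0/24` (VirtualBox's usual host-only default) are assumptions; substitute the subnet of your own host-only adapter.

```shell
#!/bin/sh
# Added example. Sample output and the subnet are constructed assumptions.

# Constructed ifconfig output in the older net-tools layout.
SAMPLE_IFCONFIG='eth0      Link encap:Ethernet  HWaddr 08:00:27:00:00:01
          inet addr:192.168.56.101  Bcast:192.168.56.255  Mask:255.255.255.0
          inet6 addr: fe80::a00:27ff:fe00:1/64 Scope:Link
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0'

# Print the first non-loopback IPv4 address found in ifconfig output on stdin.
# Accepts both "inet addr:A.B.C.D" and the newer "inet A.B.C.D" layout.
guest_ip() {
    sed -n 's/^[[:space:]]*inet \(addr:\)\{0,1\}\([0-9.]*\).*/\2/p' |
        grep -v '^127\.' | head -n 1
}

# Convert a dotted quad to a 32-bit integer; fail on malformed input.
ip_to_int() {
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ''|*[!0-9]*|0?*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_subnet IP CIDR: exit 0 if IP is inside CIDR, 1 if outside, 2 on bad input.
in_subnet() {
    ip=$(ip_to_int "$1") || return 2
    net=$(ip_to_int "${2%/*}") || return 2
    bits=${2#*/}
    case $bits in ''|*[!0-9]*) return 2 ;; esac
    [ "$bits" -le 32 ] || return 2
    mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    [ $(( ip & mask )) -eq $(( net & mask )) ]
}

# check_guest CIDR: read ifconfig output on stdin and confirm the guest address
# lies in the host-only subnet, i.e. the vulnerable VM is not on the real LAN.
check_guest() {
    addr=$(guest_ip)
    [ -n "$addr" ] || { echo "no non-loopback IPv4 address found"; return 1; }
    if in_subnet "$addr" "$1"; then
        echo "ok: $addr is inside host-only subnet $1"
    else
        echo "WARNING: $addr is outside $1; recheck the Host-only setting"
        return 1
    fi
}

printf '%s\n' "$SAMPLE_IFCONFIG" | check_guest 192.168.56.0/24
```

On a real setup, pipe the guest's own `ifconfig` output into `check_guest` with your host-only subnet; a warning means the adapter is probably still set to NAT or bridged.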