Posted in Blog, PortSwigger, ProfDev

PortSwigger Web Academy – 07 Access Control

This was a fun section. Learned some new things with headers and referrers – which is a big part of why I’m going this. Labs were a good variety and all doable with the community version. I’d probably stick this third at this point – Directory traversal, Information Disclosure, Access Control, Command Injection, Authentication, Business Logic, SQLi. I get the order PortSwigger used, but I think this order is a little more complete beginner friendly. I’ll keep tweaking as I go, but I’m pretty comfortable with the first two.

This section has a lot of labs (13) so lots of practice. All were pretty doable with the content covered in the material. No scripting for me in this section. I didn’t see a need. I like this section earlier in the learning path because it uses some very basic techniques (like examining the source code) that are beginner friendly.

A lot of the labs involved having an authenticated user, which makes sense. Not having one or an admin level user would make some of these labs much more difficult. I think you could get close with some guessing and in-depth crawling, but having creds makes a big difference.

Biggest takeaway from this section for me was “this was fun.” The labs were all pretty quick, and I just had fun doing them. Good section for building some momentum.

Author:

Lifelong paradox - cyber sec enthusiast - loves to learn

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.