Question 1Īccess the login form at Launch the AttackBox and deployable machine (target machine). Today, we’ll be fuzzing a web app by using Burp Suite to determine Santa’s password and gain access to his schedule. For example, a guest will be authorized access only to a bare minimum number of resources, a registered user might have more access (depending on the application), and an administrator would have authorization to access all system resources.įuzzing is the act of using automation to test a web application’s security. Different users will have different resources that they are authorized to access. This is commonly done with a username, and password, with many sensitive applications using additional security measures such as multi-factor authentication.Īuthorization is setting permissions for users. Briefly:Īuthentication is the process of validating a user’s identity. The write-up for this task covers basic instructions for using Burp Suite, as well as the topics of authentication, authorization, and fuzzing.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |