Share
## https://sploitus.com/exploit?id=56EE60C1-E7A4-5D56-BB15-A59EEE53E47B
# Web_Application_Security

# Security Training: Web Application & System Security

This repository contains practical security labs and documentation focused on Web Application Security and Exploitation & System Security.

---

## Topics Covered

### Web Application Security

1. *SQL Injection (SQLi)*
   - What is SQL Injection and how it works.
   - Manual and automated testing techniques.
   - Examples of SQLi payloads.
   - Prevention using prepared statements with code examples.

2. *Cross-Site Scripting (XSS)*
   - Stored and reflected XSS explained.
   - Demonstrations on DVWA.
   - Mitigation using input validation and Content Security Policy (CSP).

3. *Cross-Site Request Forgery (CSRF)*
   - Understanding CSRF attacks.
   - Example of CSRF attack to change password on DVWA.
   - Token-based protection method.

4. *File Inclusion Attacks*
   - Local File Inclusion (LFI) to read sensitive files.
   - Remote File Inclusion (RFI) allowing execution of malicious code.
   - Prevention techniques.

5. *Burp Suite Advanced*
   - Intercepting and modifying login requests.
   - Using Burp Intruder for fuzzing inputs.

6. *Web Security Headers*
   - Analyzing security headers using [securityheaders.com](https://securityheaders.com).
   - Adding and configuring HTTP security headers in Apache web server.

---

## Repository Structure

- web-application-security/
  - sql_injection/
  - xss/
  - csrf/
  - file_inclusion/
  - security_headers/

---