Share
## https://sploitus.com/exploit?id=56EE60C1-E7A4-5D56-BB15-A59EEE53E47B
# Web_Application_Security
# Security Training: Web Application & System Security
This repository contains practical security labs and documentation focused on Web Application Security and Exploitation & System Security.
---
## Topics Covered
### Web Application Security
1. *SQL Injection (SQLi)*
- What is SQL Injection and how it works.
- Manual and automated testing techniques.
- Examples of SQLi payloads.
- Prevention using prepared statements with code examples.
2. *Cross-Site Scripting (XSS)*
- Stored and reflected XSS explained.
- Demonstrations on DVWA.
- Mitigation using input validation and Content Security Policy (CSP).
3. *Cross-Site Request Forgery (CSRF)*
- Understanding CSRF attacks.
- Example of CSRF attack to change password on DVWA.
- Token-based protection method.
4. *File Inclusion Attacks*
- Local File Inclusion (LFI) to read sensitive files.
- Remote File Inclusion (RFI) allowing execution of malicious code.
- Prevention techniques.
5. *Burp Suite Advanced*
- Intercepting and modifying login requests.
- Using Burp Intruder for fuzzing inputs.
6. *Web Security Headers*
- Analyzing security headers using [securityheaders.com](https://securityheaders.com).
- Adding and configuring HTTP security headers in Apache web server.
---
## Repository Structure
- web-application-security/
- sql_injection/
- xss/
- csrf/
- file_inclusion/
- security_headers/
---