Time
9 hours 31 minutes
Difficulty
Intermediate
CEU/CPE
10

Video Description

In this lab-based lesson, participants learn how to use a FireFox plugin called TamperData to accomplish the task which is to discover authentication flaws.

Video Transcription

00:04
Hello and welcome to the cyber. Very secure coding course. My name is Sonny Wear, and this is a WASP top 10 for 2013 a two broken authentication and session management lab in solution.
00:18
This lab is going to be inside of web goat. The authentication flaws. Multi level log in one.
00:27
Now, please note that in this lab I'm actually going to use a Firefox plugin called Tamper Data.
00:35
You are free to use tamper data for this exercise as well. Or if you would like to use burp sweet as we've been using in other labs, you can certainly use that tool as well. Both will accomplish the same tasks.
00:50
This is the video solution forthe indication flaws. Multilevel log In one. It says stage wine. This state is just to show how a classic multi longan works. Your goal is to do a regular log Innes Jane with password Tarzan.
01:07
And you have the following Tan's so tan stands for transaction authorization number. So I'm gonna go ahead and long in as Jame.
01:17
That's what Tarzan.
01:21
The first transaction number I get assigned Is this.
01:26
So it says now you are a hacker who already has stolen some information from Jane by phishing e mail.
01:33
You have the password, which we know is Tarzan.
01:37
Ah, but the first tan has already been used, right? So? So I can't do any kind of session fixation on that particular number
01:49
unnecessarily that I know of. Um,
01:52
although I'm going to try it. So it says the problem is the first and has already used try to break into the system. Anyway,
02:00
if the programmer does not change or check for for the same used tan than possibly I could break ins and log out,
02:13
and, uh,
02:19
okay. And so tan, too has to be a valid number. But what I'm gonna do is go ahead and
02:30
start to tamper.
02:43
And I was able to log in because there was no check
02:46
if a previous tan had been used.

Up Next

Secure Coding

In the Secure Coding training course, Sunny Wear will show you how secure coding is important when it comes to lowering risk and vulnerabilities. Learn about XSS, Direct Object Reference, Data Exposure, Buffer Overflows, & Resource Management.

Instructed By

Instructor Profile Image
Sunny Wear
Instructor