Web Hacking with Santeri
Santeri shared his approach to web penetration testing. He visited my ethical hacking course.
Santeri's top 3 favourite vulnerabilities are:
- IDOR (?id=123 => id=124, also OWASP 1.)
- Path traversal (../../../etc/passwd)
- Server Side Template Injection - My name is {{6*7}}
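From the defender's side, the three patterns in the list above can be spotted in request logs. The following is an added example, not something from Santeri's talk or the course material: the sample requests are constructed, and the parameter names, finding labels and `ID_THRESHOLD` are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed sample requests as (session, request target); not real traffic.
SAMPLE_REQUESTS = [
    ("sess-a", "/invoice?id=123"),
    ("sess-a", "/invoice?id=124"),
    ("sess-a", "/invoice?id=125"),
    ("sess-b", "/download?file=report.pdf"),
    ("sess-b", "/download?file=..%2F..%2F..%2Fetc%2Fpasswd"),
    ("sess-c", "/hello?name=Santeri"),
    ("sess-c", "/hello?name=%7B%7B6*7%7D%7D"),
]

TRAVERSAL = re.compile(r"(^|[\\/])\.\.([\\/]|$)")   # a ".." path segment
TEMPLATE_EXPR = re.compile(r"\{\{.*?\}\}")          # "{{ ... }}" marker
ID_THRESHOLD = 3  # assumed: distinct ids per session and path before flagging


def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding so %252e%252e is seen as '..' too."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def scan(requests):
    """Return (finding, session, target) tuples in the order they occur."""
    findings, ids_seen, reported = [], defaultdict(set), set()
    for session, target in requests:
        url = urlsplit(target)
        for key, raw in parse_qsl(url.query, keep_blank_values=True):
            value = fully_decode(raw)
            if TRAVERSAL.search(value):
                findings.append(("path-traversal", session, target))
            if TEMPLATE_EXPR.search(value):
                findings.append(("template-expression", session, target))
            if key == "id" and value.isdecimal():
                bucket = (session, url.path)
                ids_seen[bucket].add(value)
                if len(ids_seen[bucket]) >= ID_THRESHOLD and bucket not in reported:
                    reported.add(bucket)
                    findings.append(("id-enumeration", session, target))
    return findings
```

These are heuristics for log review; the fixes themselves are a server-side authorization check per object, canonicalizing file paths against an allowed base directory, and keeping user input out of template source.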
We also learned about the web pen testing process, favourite tools and learning materials, and many other ways of hacking the web.
Santeri Siirilä works as a security consultant with WithSecure. He was also my student years ago. Santeri is one of the white hats, checking their customers' servers and apps before the bad guys do.