Web Hacking with Santeri

Santeri shared his approach to web penetration testing. He visited my ethical hacking course.

Santeri's top 3 favourite vulnerabilities are

  • IDOR (?id=123 => ?id=124, also OWASP Top 10 number 1)
  • Path traversal (../../../etc/passwd)
  • Server-Side Template Injection - My name is {{6*7}}
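
The first two items both come down to the server trusting an identifier supplied by the client. The following is an added example, not code from Santeri's talk or the original post, showing each flaw beside a checked version. The invoice records, user names and the /srv/files directory are constructed for illustration.

```python
from pathlib import Path

# Constructed sample data: invoice id -> record.
INVOICES = {
    123: {"owner": "alice", "total": 40},
    124: {"owner": "bob", "total": 99},
}


def get_invoice_vulnerable(user, invoice_id):
    # IDOR: the id from the query string is trusted, so any logged-in
    # user who changes ?id=123 to ?id=124 reads someone else's record.
    return INVOICES.get(invoice_id)


def get_invoice_checked(user, invoice_id):
    # Authorize every object access. Foreign ids get the same answer as
    # missing ones, so responses do not reveal which ids exist.
    record = INVOICES.get(invoice_id)
    if record is None or record["owner"] != user:
        return None
    return record


def resolve_vulnerable(base_dir, name):
    # Path traversal: joining does not neutralise "..", and an absolute
    # name replaces base_dir entirely.
    return Path(base_dir) / name


def resolve_checked(base_dir, name):
    # Resolve "..", symlinks and absolute names first, then require the
    # result to sit under base_dir. Comparing path components (not string
    # prefixes) also rejects siblings such as "<base_dir>-old".
    base = Path(base_dir).resolve()
    target = (base / name).resolve()
    if base not in target.parents:
        raise PermissionError(f"{name!r} escapes {base}")
    return target


if __name__ == "__main__":
    print(get_invoice_vulnerable("alice", 124))   # bob's record leaks
    print(get_invoice_checked("alice", 124))      # None
    print(resolve_vulnerable("/srv/files", "../../../etc/passwd"))
    try:
        resolve_checked("/srv/files", "../../../etc/passwd")
    except PermissionError as err:
        print("blocked:", err)
```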

We also learned about the web pen testing process, favourite tools and learning materials, and many other ways of hacking the web.

Santeri Siirilä works as a security consultant with WithSecure. He was also my student years ago. Santeri is one of the white hats, checking their customers' servers and apps before the bad guys do.