Web Hacking with Santeri
![](/2023/web-hack-santeri/santeri-siirila-white-hat-hacker_hud37e925d345586d41f555572dcebc04d_175446_300x300_fit_box.png)
Santeri shared his approach to web penetration testing. He visited my ethical hacking course.
Santeri's top 3 favourite vulnerabilities are:
- IDOR (?id=123 => ?id=124, also OWASP 1.)
- Path traversal (../../../etc/passwd)
- Server-Side Template Injection (My name is {{6*7}})
We also learned about the web pen testing process, favourite tools and learning materials, and many other ways of hacking the web.
Santeri Siirilä works as a security consultant with WithSecure. He was also my student years ago. Santeri is one of the white hats, checking their customers' servers and apps before the bad guys do.