Yaksas CSC

Your Guardian in the Cyber World

Web App Pentesting using BodgeIt Store (Part 1)

Uday Mittal, February 4, 2020

This video shows how to set up the lab environment for this YCSC Let’s Learn series. It covers installing Docker on Kali Linux 2019.4, then pulling and running the BodgeIt Store Docker image from Docker Hub.
A virtual image of Kali Linux can be downloaded from https://www.offensive-security.com/kali-linux-vm-vmware-virtualbox-image-download/
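
As an added example (not taken from the video or the BodgeIt project), the script below pulls and runs the lab container with its port published on loopback only, because a vulnerable-by-design application should stay unreachable from the rest of the network. The image name `psiinon/bodgeit`, port 8080, the container name `bodgeit` and the `/bodgeit/` path are assumptions.

```shell
#!/bin/sh
# Added example, not from the video: start the BodgeIt lab bound to loopback only.
IMAGE="psiinon/bodgeit"        # assumed Docker Hub image name
PUBLISH="127.0.0.1:8080:8080"  # host-ip:host-port:container-port (port 8080 assumed)

# Succeeds only when a -p spec pins the host side to loopback. A bare
# "8080:8080" has no host IP, so Docker listens on every interface.
publish_is_loopback() {
    case "$1" in
        127.0.0.1:*:*|"[::1]":*:*) return 0 ;;
        *) return 1 ;;
    esac
}

# Takes one value of `docker ps --format '{{.Ports}}'` and prints each
# published binding that other hosts can reach (anything not on loopback).
exposed_bindings() {
    printf '%s\n' "$1" | tr ',' '\n' | sed 's/^ *//' | while IFS= read -r b; do
        case "$b" in
            *"->"*) ;;        # published to the host, inspect it below
            *) continue ;;    # e.g. "8080/tcp": declared by the image, not published
        esac
        case "$b" in
            127.0.0.1:*|"[::1]":*) ;;   # loopback only, fine for a lab
            *) printf '%s\n' "$b" ;;
        esac
    done
}

# Pulls and starts the container, then audits what Docker actually bound.
start_lab() {
    command -v docker >/dev/null 2>&1 || { echo "docker is not installed" >&2; return 1; }
    publish_is_loopback "$PUBLISH" || { echo "refusing to publish on $PUBLISH" >&2; return 1; }
    docker pull "$IMAGE" || return 1
    docker run -d --rm --name bodgeit -p "$PUBLISH" "$IMAGE" || return 1
    leaked=$(exposed_bindings "$(docker ps --filter name=bodgeit --format '{{.Ports}}')")
    if [ -n "$leaked" ]; then
        echo "container is reachable beyond loopback: $leaked" >&2
        return 1
    fi
    echo "Lab is up at http://127.0.0.1:8080/bodgeit/ (path assumed)"
}

# Run as: sh lab.sh start
if [ "${1:-}" = "start" ]; then start_lab; fi
```

Stop the lab with `docker stop bodgeit`; because of `--rm` the container is removed when it stops.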

What is BodgeIt Store?

A vulnerable web application aimed at beginners in web penetration testing.

Technology stack:

  • Java
  • Servlet engine

Installation options:

  • Virtual Machine
  • Docker

GitHub Link: https://github.com/psiinon/bodgeit

Vulnerabilities

It includes the following vulnerabilities:

  • Cross Site Scripting
  • SQL injection
  • Hidden (but unprotected) content
  • Cross Site Request Forgery
  • Debug code
  • Insecure Object References

About the series

In this Let’s Learn series, we cover the web application penetration testing process end to end, from scoping to report. We will be using The BodgeIt Store, a beginner-level, vulnerable-by-design application, to demonstrate a complete penetration test.

Uday Mittal

Uday Mittal is a cybersecurity professional with rich experience working with various industries including telecom, publishing, consulting and finance. He holds internationally recognized certifications such as CRTP, OSCE, OSCP, CISSP, CISA, CISM and CRISC, among others. He speaks on cybersecurity awareness, offensive security research etc. and has authored various articles on topics related to cyber security and software development for a leading magazine on open source software.
