Yaksas Security

Cyber Security Research

  • Yaksas Security Home
  • Home
  • Yaksas Security Classroom
  • Learn Adversary Emulation
  • Contact Yaksas
Web App Pentesting using BodgeIt Store (Part 1)

Uday Mittal February 4, 2020 Leave a Comment

Web App Pentesting using BodgeIt Store (Part 1)

This video shows how to set up the lab environment for this YCSC Let’s Learn series. It covers installing Docker on Kali Linux 2019.4, pulling and running the BodgeIt Store docker image from Docker Hub.
A virtual image of Kali Linux could be downloaded from https://www.offensive-security.com/kali-linux-vm-vmware-virtualbox-image-download/

What is BodgeIt Store?

A vulnerable web application aimed at beginners in web penetration testing

Technology stack:

  • Java
  • Servlet engine

Installation options:

  • Virtual Machine
  • Docker

GitHub Link: https://github.com/psiinon/bodgeit

Vulnerabilities

It includes the following vulnerabilities:

  • Cross Site Scripting
  • SQL injection
  • Hidden (but unprotected) content
  • Cross Site Request Forgery
  • Debug code
  • Insecure Object References
About the series
In this Let’s Learn series, we cover the web application penetration testing process end to end, from scoping to report. We will be using The BodgeIt Store, a beginner level vulnerable-by-design application, to demonstrate a complete penetration test.

Related Posts

  • SPN Scanning using ADSI (Part 3)SPN Scanning using ADSI (Part 3)
  • ADSISearcher (Part 2)ADSISearcher (Part 2)
mm
Uday Mittal

Uday Mittal is a cybersecurity professional with rich working experience working with various industries including telecom, publishing, consulting and finance. He holds internationally recognized certifications such as CRTP, OSCE, OSCP, CISSP, CISA, CISM, CRISC among others. He speaks on cybersecurity awareness, offensive security research etc. and has authored various articles on topics related to cyber security and software development for a leading magazine on open source software.

Filed Under: Skills Development Tagged With: bodgeit store, docker, ellitedevs, Kali Linux, penetration testing process, pentest, psiinon, web application penetration testing, web security, website hacking, yaksas

Optin Form

Search

Follow us on Twitter

My Tweets

Categories

Tags

(ISC)2 Active directory adsecurity adsi adsisearcher adversary emulation Android attack active directory awareness blue whale challenge Certification CISSP Cloud security crte crtp cyber-warfare cybersecurity Cyber Security Cybersecurity books domain enumeration ethical hacking forest enumeration hacker Information Security ISACA Kali Linux Mobile Security Narendra Modi NSA offensive security Online Safety opsec Password Penetration Testing pentest powersploit Powerview privacy red team red teaming Risk Management Social Engineering user enumeration Wifi Windows

Top Posts

  • Mona.py for exploit devs: 6 must know commands
    Mona.py for exploit devs: 6 must know commands
  • What is Adversary Emulation?
    What is Adversary Emulation?
  • Build Your Career in Cyber Security
    Build Your Career in Cyber Security
  • CISA: Everything You Need to Know
    CISA: Everything You Need to Know
  • Let there be no more MMS Scandals
    Let there be no more MMS Scandals
  • 7 Ways to Cover Your Device's Camera
    7 Ways to Cover Your Device's Camera

© Copyright 2020 ElliteDevs · All Rights Reserved · Powered by WordPress