I've had an idea for a post tickling my brain, though I've mostly been focused on soaking up as much info as I can on how to find web vulnerabilties.
I've discovered that while the labs are kind of fun, you know exactly what you're looking for (it's often in the name of the lab), and when I go look at a real site the experience is - different.
I think I want to come up with a more systemic way of checking things. The site I was looking at may or may not have any vulnerabilities, and tbh it seems a bit more complicated than what I've been seeing in the labs. Still, I think that's part of what makes it good experience.
I saw something that I vaguely remembered had potential, went looking through my notes and spent most of today working on the labs for a Server Side Request Forger (SSRF). Then took that knowledge and tried checking for it, which (fortunately or unfortunately, depending on your perspective) doesn't look like it's actually a concern.
Anyways, it's still a large amount of information to take in, but the more I absorb the sooner things will start clicking.
And since the potential post is a totally different topic, I'll leave this update as is and see what comes out next.
No comments:
Post a Comment