Make crAPI accessible on a network

Need to practice your API hacking skills? crAPI is for you. OWASP’s completely ridiculous API (crAPI) is one of several vulnerable apps you can set up as a target on your network. You’ll find installation instructions here. But there’s a catch. Once you have successfully run through the instructions, you will have a functioning...

What is directory traversal?

Some web applications give you access to directories containing files you are allowed to display or download. Imagine a web app that lets users share images of their custom skateboards or bikes. Images uploaded by the site’s users could all be stored in a given directory. If you click on one of these images,...

Your ideal Kali Linux setup

Even if you’re just barely scratching the surface of ethical hacking, I’m sure you’ve figured out that the very first skill you need to acquire is using Linux. If you don’t already have some good practical knowledge of Linux, this should be your prime focus. You’ve also likely read or heard about Kali Linux...

What is an IDOR?

IDOR means Insecure Direct Object Reference. It’s one of the easier web application vulnerabilities to understand (or at least, the basic concept is). An IDOR happens when a user of a web site can find ways to access pages and data that belong to a different user on the same site, by changing a...

What is a command injection?

Web applications sometimes use system commands as part of their features. Imagine a web application that lets you enter an IP address, then pings this address to check if the host is accessible. To do this, the app could use the system’s ping command to do the job. Bottom line: a web app...