##The Team Chad - Campbell - Darwin - Guil

##Our Mission Statement DBC teaches the students to write web applications in Ruby on Rails -- security can sometimes be considered an afterthought. Our team decided to make this our main focus, and illuminate the security flaws in some of the web apps we are writing.

This is a compendium of all of the information we have learned - the common exploits, the security tools used, and other useful tips from the web security world. This can be used as a point of reference for people interested in learning more about this important topic.

##Table of Contents ###Definitions The world of Web Security can be a scary place... Let us clear up some of your confusion by defining a few terms!

• Penetration Testing - What is this pentesting thing anyways?
• White Hat vs. Black Hat - Which hat do I wear?
• CVE's and 0-day's - Security holes for which no solution is currently available.
• Bug Bounties - Find exploits for fame and fortune!
• TOR & Deep Web - Quick overview of the Tor Project

###Common Exploits As a software developer, what do I need to know?

• Malware - Malware, virus, worm, etc.
• Social Engineering - Tricking people into breaking normal security procedures
• SQL Injection - SQL Injections can destroy your database.
• Man-in-the-middle Attacks - Intercept the traffic between two parties
• XSS - Injecting malicious client-side scripts into Web pages
• Sessions hijacking - Attackers stealing the cookies used to authenticate a user to a remote server.
• Fuzzing - Fuzzers automatically inject data into a program to detect bugs.
• Phishing - A Nigerian prince wants to give ME money?
• DDoS - Denial Of Service Attacks
• Access Point Spoofing ---Needs work
• Keyloggers - Keylogging software reads everything you type.

###Security Tools There are tons of security tools out there. These are just a few that we've spent time researching - there are many, many more.

• Burp - man-in-the-middle app with many modules
• recon-ng - regarded as one of the top tools for open source reconnaisance
• BeEF - a penetration testing tool that focuses on the web browser
• Brakeman - A static analysis security vulnerability scanner for Ruby on Rails applications
• w3af - an open-source web application security scanner
• metasploit & kali linux - The Hacker's OS
• Browser Extensions - Turn your browser into a hacking machine

• HTTPS and SSL - enabling HTTPS over Rails and Sinatra

###Links & Misc.

• Websites where you can practice your hacking skills!
• General Guidelines
• WebApp Testing Learning
• Learning (A/V)
• WebApp Testing Theory
• Challenges
• Learning: (A/V) Metasploit Framework
• Senario Based Inf Testing
• Offensive Security Metaploit Course
• Challenges
• Anonymous