THM Web Application Security - grunt92/IT-Sec-WriteUps GitHub Wiki

Introduction

What do you need to access a web application?

Browser

Web Application Security Risks

You discovered that the login page allows an unlimited number of login attempts without trying to slow down the user or lock the account. What is the category of this security risk?

Identification and Authentication Failure

You noticed that the username and password are sent in cleartext without encryption. What is the category of this security risk?

Cryptographic Failures

Practical Example of Web Application Security

Deploy the site and switch to the "Your Activity" tab. Change the "user_id" value to 9 and you will see the user who made all the changes to the inventory. Revert all changes and you get the flag.

**THM{IDOR_EXPLORED}**
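As an added example (not code from the write-up or the THM room), here is the server-side ownership check that closes this kind of IDOR: the vulnerable handler trusts the client-supplied user_id, the hardened one only serves records owned by the authenticated session. The activity store, session shape and handler names are constructed for illustration; no web framework is assumed.

```python
# Added example: IDOR on a client-controlled "user_id" parameter, in plain Python.
# ACTIVITY, Session and the handler names are constructed for illustration.
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample data: activity records keyed by the user who owns them.
ACTIVITY: Dict[int, List[str]] = {
    7: ["viewed inventory"],
    9: ["changed item 42 quantity 10 -> 0", "changed item 43 price"],
}


@dataclass
class Session:
    user_id: int            # the authenticated user, set by the login flow
    is_admin: bool = False  # admins may legitimately view other users' activity


def vulnerable_activity(session: Session, params: dict) -> Tuple[int, Optional[List[str]]]:
    """Vulnerable: trusts ?user_id= from the request and never checks ownership,
    so any logged-in user can read any other user's activity by editing the value."""
    target = int(params.get("user_id", session.user_id))
    return 200, ACTIVITY.get(target, [])


def hardened_activity(session: Session, params: dict) -> Tuple[int, Optional[List[str]]]:
    """Hardened: the requested record must belong to the session user, or the caller
    must be an admin. The decision uses server-side session state, not request input."""
    try:
        target = int(params.get("user_id", session.user_id))
    except (TypeError, ValueError):
        return 400, None
    if target != session.user_id and not session.is_admin:
        # Deny without revealing whether the target user exists.
        return 403, None
    return 200, ACTIVITY.get(target, [])


if __name__ == "__main__":
    me = Session(user_id=7)
    print(vulnerable_activity(me, {"user_id": "9"}))  # leaks user 9's activity
    print(hardened_activity(me, {"user_id": "9"}))    # (403, None)
```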