Week 6: Unvalidated Parameters, Broken Access Control, and Broken Authentication

Readings:

http://cdn.ttgtmedia.com/rms/pdf/SearchSecurity.in_Burp_%20Suite_tutorial_Part_01.pdf

http://cdn.ttgtmedia.com/rms/pdf/SearchSecurity.in_Burp_%20Suite_tutorial_Part_02.pdf

http://cdn.ttgtmedia.com/rms/pdf/SearchSecurity.in_Burp_%20Suite_tutorial_Part_03.pdf

We will only use the functionality discussed in the first paper.

http://www.sans.org/reading-room/whitepapers/application/web-application-injection-vulnerabilities-web-app-039-s-security-nemesis-34247

http://www.sans.org/reading-room/whitepapers/application/web-application-security-for-managers-27