-
Notifications
You must be signed in to change notification settings - Fork 0
User Workflows
Valentin MAUREL edited this page May 24, 2025
·
1 revision
This application contains intentional security vulnerabilities for educational purposes. Never deploy in production environments.
graph TD
A[Access Application] --> B[Register Account]
B --> C[Login Successfully]
C --> D[Explore Interface]
D --> E[Read Security Info]
E --> F[Identify Vulnerabilities]
Steps:
- Navigate to application homepage
- Create a test user account
- Login with created credentials
- Browse available features
- Review OWASP ASVS vulnerability mapping
- Begin systematic vulnerability assessment
graph TD
A[Choose Vulnerability Category] --> B[Read Exploitation Guide]
B --> C[Set Up Testing Tools]
C --> D[Perform Manual Testing]
D --> E[Automated Scanning]
E --> F[Document Findings]
F --> G[Verify Exploitation]
Process:
- Select vulnerability type from sidebar
- Review relevant exploitation guide
- Configure testing tools (Burp Suite, SQLMap, etc.)
- Perform manual vulnerability testing
- Run automated security scans
- Document discovered vulnerabilities
- Verify successful exploitation
graph TD
A[Complete Exploitation] --> B[Understand Impact]
B --> C[Research Remediation]
C --> D[Practice Secure Coding]
D --> E[Verify Understanding]
graph TD
A[Launch Application] --> B[Demonstrate Vulnerability]
B --> C[Show Exploitation]
C --> D[Explain Impact]
D --> E[Discuss Remediation]
E --> F[Student Practice]
Teaching Steps:
- Deploy application in classroom environment
- Demonstrate specific vulnerability live
- Show real-time exploitation techniques
- Explain business/security impact
- Discuss proper remediation methods
- Guide student hands-on practice
graph TD
A[Select Learning Objectives] --> B[Choose Vulnerabilities]
B --> C[Create Test Scenarios]
C --> D[Prepare Assessment Criteria]
D --> E[Distribute to Students]
graph TD
A[Information Gathering] --> B[Vulnerability Scanning]
B --> C[Manual Testing]
C --> D[Exploitation]
D --> E[Post-Exploitation]
E --> F[Reporting]
Testing Phases:
- Reconnaissance: Gather application information
- Scanning: Automated vulnerability discovery
- Enumeration: Manual feature exploration
- Exploitation: Successful vulnerability exploitation
- Post-Exploitation: Assess impact and persistence
- Documentation: Create comprehensive report
graph TD
A[Configure Burp Suite] --> B[Set Up SQLMap]
B --> C[Prepare XSSHunter]
C --> D[Configure Nmap]
D --> E[Set Up Reporting Tools]
E --> F[Begin Testing]
graph TD
A[Examine Source Code] --> B[Identify Vulnerabilities]
B --> C[Understand Root Cause]
C --> D[Learn Secure Patterns]
D --> E[Practice Implementation]
Review Steps:
- Analyze vulnerable code sections
- Identify security weaknesses
- Understand why vulnerabilities exist
- Learn secure coding alternatives
- Practice implementing fixes
graph TD
A[Threat Modeling] --> B[Secure Design]
B --> C[Secure Implementation]
C --> D[Security Testing]
D --> E[Security Review]
E --> F[Deployment Hardening]
sequenceDiagram
participant U as User
participant F as Frontend
participant B as Backend
participant D as Database
U->>F: Visit registration page
F->>U: Display registration form
U->>F: Submit credentials
F->>B: POST /auth/register
B->>D: INSERT user data
D->>B: Confirm insertion
B->>F: Return success
F->>U: Redirect to login
sequenceDiagram
participant A as Attacker
participant F as Frontend
participant B as Backend
participant D as Database
A->>F: Visit login page
F->>A: Display login form
A->>F: Submit SQL injection payload
F->>B: POST /auth/login
B->>D: Execute vulnerable query
D->>B: Return admin user data
B->>F: Return JWT token
F->>A: Successful admin login
sequenceDiagram
participant U as User
participant F as Frontend
participant B as Backend
participant S as Storage
U->>F: Select file
F->>U: Show upload form
U->>F: Submit file
F->>B: POST /file/upload
B->>S: Store file
S->>B: Confirm storage
B->>F: Return file URL
F->>U: Display success
sequenceDiagram
participant A as Attacker
participant F as Frontend
participant B as Backend
participant S as Storage
participant OS as Operating System
A->>F: Select malicious file
F->>A: Show upload form
A->>F: Submit PHP shell
F->>B: POST /file/upload
B->>S: Store malicious file
A->>B: GET /file/execute
B->>OS: Execute uploaded file
OS->>B: Return command output
B->>A: System compromise
sequenceDiagram
participant A as Attacker
participant F as Frontend
participant B as Backend
participant D as Database
participant V as Victim
A->>F: Create malicious post
F->>B: POST /posts
B->>D: Store XSS payload
V->>F: View posts page
F->>B: GET /posts
B->>D: Retrieve posts
D->>B: Return XSS payload
B->>F: Send unescaped content
F->>V: Execute malicious script
graph TD
A[Identify Input Fields] --> B[Configure SQLMap]
B --> C[Test Login Endpoint]
C --> D[Discover Injection Point]
D --> E[Extract Database Schema]
E --> F[Dump User Data]
F --> G[Escalate Privileges]
SQLMap Commands:
# Initial discovery
sqlmap -u "http://localhost:3000/auth/login" --data="email=test&password=test" --batch
# Database enumeration
sqlmap -u "http://localhost:3000/auth/login" --data="email=test&password=test" --dbs
# Table dumping
sqlmap -u "http://localhost:3000/auth/login" --data="email=test&password=test" -D vulnerable_app --tables
# Data extraction
sqlmap -u "http://localhost:3000/auth/login" --data="email=test&password=test" -D vulnerable_app -T user --dumpgraph TD
A[Successful Exploitation] --> B[Assess Data Access]
B --> C[Test Privilege Escalation]
C --> D[Evaluate System Impact]
D --> E[Document Business Risk]
E --> F[Recommend Remediation]
Assessment Areas:
- Data Confidentiality: What sensitive data is accessible?
- Data Integrity: Can data be modified or deleted?
- System Availability: Can services be disrupted?
- Privilege Escalation: Can higher privileges be obtained?
- Lateral Movement: Can other systems be accessed?
graph TD
A[Identify Vulnerability] --> B[Research Secure Patterns]
B --> C[Implement Fix]
C --> D[Test Security Improvement]
D --> E[Verify Remediation]
E --> F[Document Best Practices]
Example Fix Implementation:
// Vulnerable code
const user = await this.userRepository.query(
`SELECT * FROM user WHERE email = '${email}' AND password = '${password}'`
);
// Secure implementation
const user = await this.userRepository.findOne({
where: { email, password: hashedPassword }
});graph TD
A[Basic Vulnerability Discovery] --> B[Manual Exploitation]
B --> C[Tool Automation]
C --> D[Advanced Techniques]
D --> E[Remediation Knowledge]
E --> F[Teaching Others]
Learning Progression:
- Beginner: Identify common vulnerabilities
- Intermediate: Perform manual exploitation
- Advanced: Automate testing with tools
- Expert: Develop custom exploits
- Master: Understand remediation and teach others
- Security Architecture - Understanding security design principles
- Testing Methodology - Systematic testing approaches
- Tools and Scripts - Automation and testing tools