WEB APPLICATION SECURITY AND BUG BOUNTY HUNTING WORKSHOP

Nov 5, 2022

Finite Loop Club, NMAMIT successfully conducted a hands-on workshop on 'Web Application Security and Bug Bounty Hunting' on 5 November 2022 at CSL10 (CPP LAB), NMAMIT. The resource person was Mr. Abdeali, Final Year, CSE (Ethical Hacking Head, Finite Loop Club). 

The workshop began by providing insight on Broken Authentication and its impact on application security. Other session management flaws which use weak or ineffective credential recovery such as "knowledge-based answers" and improper Invalidate Session IDs during logout or a period of inactivity were explained and the students were asked to check the presence of different flaws. 

The session then slowly progressed to introducing the students to vulnerabilities that exist in many applications. A detailed explanation and demonstration wasperformed on HTML injection and HTTP Parameter Pollution and its impact was highlighted. 

The session finally took a diversion into Burp Proxy and its actions acting as an intermediary between the client and the server. In the meantime, brute force attacks and an overview of OAuth Misconfiguration were conveyed. As an effective visualization, Abdeali performed live hacking by demonstrating 2 Factor Authentication (2FA) Bypass on a few websites which provided students with the needed knowledge to understand the concept. 

Finally, students were given a glimpse into 'How to kickstart your journey into Pentesting?'. They were introduced to different tools and certifications like PortSwigger Labs, TryHackMe, Medium Writeups, HackTheBox and Pentester Lab that would help them to get along with Ethical Hacking.

The workshop came to the end with a short note by Mr. Puneeth R P, Assistant Professor, Dept. of CSE (Faculty Coordinator of Finite Loop Club) to the participants on getting successfully trained on Application Security and Bug Bounty Hunting. He appreciated the initiative taken by Abdeali and congratulated the entire team of Finite Loop Club for the successful conduction.

The event was coordinated and organized by Ms. Padmashree, III CSE (Secretary, Finite Loop Club), and Ms. Ashwini, III CSE (Program Lead, Finite Loop Club). The volunteers present during the workshop were Bhargavi Nayak, Nagaraj Pandith, Apoorva Prabhu, Bhoomika Prabhu, AmoghMayya, Dhanish Suvarna, Karthik Acharya, Akash Rao, Vaishnavi K, Vaishnavi Prasad, Pawan, Nidheesha, Vidyesh, Prajwal Suvarna, Daivik Shetty, Swasthik Ashok Shetty, Ritesh Shetty, Shruthi Poojari. The faculty coordinators for the event were Mr. Puneeth R P and Mr. Shashank Shetty, Asst. Professors, Dept. of CSE.