# 27/03/2018 - 18th Lecture

## Introduction to Vulnerability Research

We took a bird's-eye view of vulnerabilities in general and figured out that "Web Application Security" is probably a good niche for junior security researchers.

We explained:

- Reflected XSS.
- Stored XSS (we explained what cryptojacking is).
- SQL Injection.
- Command Injection.
- CSRF.

Know that there are many more such vulnerabilities and that you should definitely check out [OWASP's Top 10](https://www.owasp.org/index.php/Top_10-2017_Top_10).

We went through `DEFCON`, `Blackhat` and `CCC` sessions - each student found their own "cup of tea" and explained what the session was about - e.g. SS7, HackRF, WPA2 Krack, Android Exploitation, etc.

## Google's XSS Challenge

We began working on [Google's XSS Game](https://xss-game.appspot.com/) and solved the first and second challenges together.

## Reverse Engineering

We explained what reverse engineering is and talked about reverse engineering tools such as `IDA`, `GHIDRA` and `radare2`.

## Challenges and CTFs (Capture The Flags)

- Crackmes
- Smashthestack
- DVWA (Damn Vulnerable Web Application)
- Hackthissite

There are many more such challenges - just search for them.

## Homework

1. Watch Mr. Robot.
2. Practice with https://www.typingclub.com. Reach at least 55 WPM.
3. Prepare a 2-3 minute talk!
4. If you haven't done so already - create a CV using these templates: [https://docs.google.com/templates](https://docs.google.com/templates). Bring it to me for review.
5. Start sending your CV to companies! The job search begins! :)
6. Do [Google's Python Class](https://developers.google.com/edu/python/). Please try to get as far as "Dict and Files".

<hr>

Copyright 2019 Sagi Kedmi