# 27/03/2018 - 18th Lecture

## Introduction to Vulnerability Research

We took a bird's-eye view of vulnerabilities in general and figured out
that "Web Application Security" is probably a good niche for a junior security
researcher.

We explained:

- Reflected XSS.
- Stored XSS (we explained what Cryptojacking is).
- SQL Injection.
- Command Injection.
- CSRF.

Know that there are many more such vulnerabilities and that you should definitely
check out [OWASP's Top 10](https://www.owasp.org/index.php/Top_10-2017_Top_10).

We went through `DEFCON`, `Blackhat` and `CCC` sessions - each student found their own
"cup of tea" and explained what it was about - e.g. SS7, HackRF, WPA2 KRACK,
Android Exploitation, etc.

## Google's XSS Challenge

We began working on [Google's XSS Game](https://xss-game.appspot.com/) and
solved the first and second challenges together.


## Reverse Engineering

We explained what reverse engineering is and talked about reverse engineering
tools such as `IDA`, `GHIDRA` and `radare2`.

## Challenges and CTFs (Capture The Flags)

- Crackmes
- Smashthestack
- DVWA (Damn Vulnerable Web Application)
- Hackthissite

There are many more such challenges - just search for them.


## Homework
1. Watch Mr. Robot.

2. Practice with https://www.typingclub.com. Reach at least 55 WPM.

3. Prepare a 2-3 minute talk!

4. If you haven't done so already - create a CV using these templates: [https://docs.google.com/templates](https://docs.google.com/templates).
Bring it to me for review.

5. Start sending your CV to companies! The job search begins! :)

6. Do [Google's Python Class](https://developers.google.com/edu/python/).
Please try to get as far as "Dict and Files".

<hr>
Copyright 2019 Sagi Kedmi