Below is an analysis of the primary exploits found in Gruyere and the modern defenses used to mitigate them. 1. Cross-Site Scripting (XSS)
Navigate to the live "Gruyere" instance. Open your browser’s Developer Tools (F12). Try to delete another user's snippet just by guessing the URL. Try to change your own privilege level to "admin" by editing hidden form fields. gruyere learn web application exploits defenses top
Error handling and information minimization Below is an analysis of the primary exploits
If you must store data on the client, sign it with a secret key so the server can detect if it has been tampered with. 🗺️ Path Traversal gruyere learn web application exploits defenses top
