Security+ Study Session 2 July 2020: bWAPP and Bee Box
In today’s study session, I will show you how to install Bee Box to use bWAPP.
bWAPP is an intentionally buggy web application. It is used to practice exploits and commonly used attacks.
Bee Box is a fully configured virtual machine that includes bWAPP and is the easiest way to get started.
You can install Bee Box using Oracle VirtualBox, VMWare or any virtual machine.
In today’s session I show you how to install Bee Box using VMWare, the same program we use to run Kali Linux.
With bWAPP, you can practice many different web application attacks. This includes attacks listed in the Open Web Application Security Project (OWASP) top 10.
OWASP is an open community designed to help organizations develop secure web applications. Every few years OWASP publishes a top ten list of the most common web application attacks.
Their current list was developed in 2017 and lists the following attacks:
– Broken Authentication
– Sensitive Data Exposure
– XML External Entities (XXE)
– Broken Access Control
– Security Misconfiguration
– Cross-Site Scripting (XSS)
– Insecure Deserialization
– Using Components with Known Vulnerabilities
– Insufficient Logging and Monitoring
OWASP publishes a PDF that explains each of these attacks in detail. You can find a copy by clicking here.
If you have any questions or would like to see a particular attack demonstrated, please leave a comment below.