I recently tackled the Natas Wargames by OverTheWire, following my completion of the Bandit series. While Bandit focused on the fundamentals of Linux and system administration, Natas shifted its focus toward Web Application Security. This transition provided deep insight into how modern web servers and applications function under the hood. Throughout this challenge, I explored fundamental server-side vulnerabilities, HTTP request manipulation, and gained an appreciation for secure coding practices. I would like to share my journey, the concepts I mastered, and the highlights and challenges I encountered along the way.
Highlights
In the process of trying to solve the problems, going over resources on web vulnerabilities, and reading documentation and write ups on certain levels, I frequently saw Burp Suite being used as an essential tool for analysis and for intercepting or manipulating network traffic and requests. Seeing that some of these levels utilized Burp Suite, I had to learn how to navigate the software, and I found it genuinely enjoyable to master its features. Getting hands-on experience with intercepting traffic and applying concepts like URL encoding to bypass client-side input restrictions was a fun and highly educational process.
I also learned many concepts regarding web vulnerabilities and strategies for exploiting them, such as the robots.txt file that websites use to discourage web crawling, Session Injection, Command Injection, SQL Injection (including Blind SQL Injection), Brute Forcing, Deserialization, and a little bit of Cryptography, which was used in some levels.
As I progressed toward the later levels, the challenges shifted to the Perl programming language, which forced me to learn its specific syntax and functions. Through this, I realized that programming languages are functionally similar in many ways. The vulnerabilities I encountered in levels that used PHP were often present in Perl as well, simply manifesting through different mechanisms. This series also taught me the vital importance of reading official documentation, as many solutions hinged on understanding the specific security implications of a language's syntax and how it can be misused.
Lowlights
I found myself stuck on a lot of these levels without really knowing what to do next beyond what I already knew. So, I found myself relying on solutions and write-ups made by people who had tried and solved these problems as well. What I realized was that reading how people approached these problems gave a lot more insight than AI ever could. It showed their very unique thought processes and techniques that differed from one another, which also made me realize another thing: problems can be approached in a whole lot of different ways.
On the note of being stuck on many different levels, I realized that I still lacked a lot of knowledge about how web servers work, which made me wake up to the technical level I am currently at. That fact gives me a lot of hope; it signifies that I still have a lot to learn and a lot ahead of me in terms of exploration and discovery.
Conclusion
Finishing Natas really changed how I look at websites and, more importantly, how I approach creating them. I stopped seeing them as just static pages to click through and started seeing them as interconnected puzzles where every single input field is a potential vulnerability.
Ultimately, this challenge made me a better developer by forcing me to learn the ins and outs of security. Understanding these vulnerabilities from the inside out has changed how I write code: I'm no longer just building for functionality, but also keeping in the back of my mind that it could be penetrated maliciously. Being aware of these common pitfalls and knowing how to prevent them allows me to design more secure applications.