During my internship, I had the opportunity to work on a Website Hacking Project. The main goal was to understand how attackers exploit vulnerabilities in web applications, but more importantly, how defenders can implement strategies to reduce the risk of these attacks.
This project gave me a hands-on experience that connected both sides of cybersecurity: offense and defense.
- Vulnerabilities Explored
🔹 SQL Injection
I practiced injecting malicious SQL queries into input fields to gain unauthorized access to database content. This helped me understand how poor query handling can compromise sensitive information.
🔹 Command Injection
Through command injection, I learned how unvalidated user inputs could be used to execute system-level commands, potentially giving attackers deeper access to the server.
🔹 Login Bypassing
I explored techniques to bypass login forms by exploiting weak authentication mechanisms. This showed how fragile security can be if user validation isn’t properly enforced.
- Mitigation Methods Learned
Studying vulnerabilities is only half of the lesson — knowing how to prevent them is equally important.
🛡️ SQL Query Parameters
Using prepared statements and parameterized queries prevents malicious SQL injection attempts by ensuring input is treated as data, not code.
🛡️ Restricting Shell Privileges
Applying the principle of least privilege means that even if a shell is compromised, attackers won’t gain full system control.
🛡️ Secure Configurations
Simple misconfigurations can open big doors to attackers. I practiced reviewing configurations to make sure systems are hardened against common attack vectors.
- Key Takeaways
Offensive skills help you think like an attacker and anticipate their moves.
Defensive practices ensure you can build resilience against real-world attacks.
Combining both perspectives provides a balanced mindset that is critical in red teaming.
Conclusion
This project was a strong reminder that cybersecurity is not just about finding vulnerabilities, but also about securing systems once the cracks are revealed.
It pushed me to see security as a cycle of continuous learning:
👉 Identify weaknesses
👉 Exploit ethically to understand them
👉 Mitigate to strengthen defenses
I’m excited to carry these lessons forward and continue building skills in both offensive and defensive security.