Python is a brilliant language. It is known as a "lazy" programming language: you can write code that is only a few lines long yet does huge tasks. Today we will uncover some of these aspects.
We will look at how to use Python and how to start writing code in it. Quite obviously, folks who are already good with Python can choose to skip this post.
Anyway, to start off, we will first have to download Python from the link below:
https://www.python.org/downloads/ [make sure you download the 2.7.3 version, as our post will revolve around it]. You will also need to fill out the form below to download the scripts we will be using.
Install it in some directory, say, C:\Python27\. Exploring this directory will show you a file named Python.exe, which will be used to run every program we write.
Once done with that, get a good Python editor. I personally use Notepad++, which gives a light yet strong interface for writing programs. This choice is completely up to you.
Another thing to understand about Python is its libraries. Python libraries are nothing but an extra resource of efficient code written by someone else, which you can import so that you use their functions instead of spending time writing your own. For example, you could spend a lot of time writing code to resolve an IP address into a name, or you could use a library, simply call a function, and write more useful code on top of it.
Anyway, good. Let's not waste any more time, and kick off.
Problem Statement: Application X has a lot of URLs which should open only if the user is logged in. However, due to insufficient access controls, this is not enforced, and as a security tester you are supposed to highlight all the URLs which are accessible without logging in.
Obviously there are a lot of tools available for this, but remember we have to code our own. To do this, we will divide the whole task into small pieces so that it is easy to learn.