Ask HN: What are security exploits to try on personal website?

2 points by alienlid 3 years ago · 3 comments · 1 min read


I'm interested in getting hands-on experience on applying security exploits to my personal website. I'm a developer, but know an embarrassingly little amount of applied security exploits. I'm curious about this.

From a previous post, it seems to me the suggestions for DDOS'ing (as a low-bar way to exploit) converge on hitting an expensive query/operation many times and this can be aided by various tools, such as botnets and load testing tools.

What about other "common" security exploits? I.e., exploits that are commonly unprotected against and can cause damage to a website?

fulafel 3 years ago

Terminology: an exploit is a specific crafted process to complete a break-in using a vulnerability in the system. In your situation you are generally interested in scanning / testing for vulnerabilities, and possibly verifying it by actually exploiting it.

A_No_Name_Mouse 3 years ago

I'd start with the OWASP top 10, https://owasp.org/Top10/. Depending on your tech stack and functionality you could try SQL injection, CSRF or path traversal.
