Server-side security war games: Part 1

Use the username “natas1” and the password you uncovered at level 0 to get in.

Let’s try the same trick as before – only now you can’t right-click. Instead, use CTRL-U to view source, and get the password for the next level.

Lessons learned

Again, this level was easy, but it’s important to understand that people aren’t required to behave the way you want when using your website. Doing validation in client-side JavaScript or disabling right-click isn’t going to be effective, so don’t use either for anything security-sensitive.
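As an added example (not part of the original post), here is a small Node.js check a developer could run over their own HTML responses to catch the two habits this level punishes: suppressing the context menu as if it were a control, and leaving credential-like text in markup that every client receives. The function name `auditHtml`, the rule names and the sample page are assumptions constructed for illustration.

```javascript
// Constructed sample page: suppresses the context menu and leaves a
// credential-like note in an HTML comment. The secret is a placeholder.
const SAMPLE_PAGE = `<html>
<body oncontextmenu="return false;">
<h1>demo</h1>
<!-- The password for the next stage is EXAMPLE-PLACEHOLDER -->
<script>document.addEventListener("contextmenu", e => e.preventDefault());</script>
</body>
</html>`;

// Words that suggest a comment is carrying something it should not.
const SECRET_WORDS = /\b(pass(word|wd)?|secret|token|api[_-]?key)\b/i;

function auditHtml(html) {
  const findings = [];

  // Rule 1: context-menu suppression. It only affects the mouse in a
  // scripting browser; the markup is still sent in full to the client.
  html.split(/\r?\n/).forEach((text, i) => {
    const inlineHandler = /\boncontextmenu\s*=/i.test(text);
    const listener = /addEventListener\(\s*["']contextmenu["']/.test(text);
    if (inlineHandler || listener) {
      findings.push({ line: i + 1, rule: "contextmenu-blocked" });
    }
  });

  // Rule 2: HTML comments that mention credentials. Comments are part of
  // the response body, so anything in them is disclosed to every visitor.
  const commentRe = /<!--([\s\S]*?)-->/g;
  let m;
  while ((m = commentRe.exec(html)) !== null) {
    if (SECRET_WORDS.test(m[1])) {
      const line = html.slice(0, m.index).split("\n").length;
      findings.push({ line, rule: "secret-in-comment" });
    }
  }
  return findings;
}

for (const f of auditHtml(SAMPLE_PAGE)) {
  console.log(`line ${f.line}: ${f.rule}`);
}
```

A finding from either rule means the page is relying on the browser to hide something; the fix is to keep the value on the server and enforce access there.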

See you at level 2 shortly.