Max Level Web App Security - Attacks, Exploits, and Response Strategies
Offered By: YouTube
Course Description
Overview
Learn about advanced web application security techniques in this 42-minute conference talk from BSides Las Vegas 2012. Explore the lifecycle of exploits, specific attacks against software, and PHP-CGI remote code execution. Dive into attack response strategies, incident handling, and auditing practices, including file system monitoring and cleanup techniques. Examine attacker motivations, backdoor evolution, and methods for detecting and analyzing malicious code. Gain insights into .htaccess infections, IP address tracking, and advanced backdoor techniques such as variable function calls. Enhance your web security knowledge with practical examples and recommendations for further reading.
Syllabus
Intro
Break Down
Collecting data
Trend data sets
Attacks!
Specific attacks against software
Life-cycle of an exploit
Theory about this trend...
PHP-CGI remote code execution
Attack Response
Attack sources
A little about incident response
Response breakdown
Standard approach
Auditing nitty gritty
File System Monitoring
Using find to cleanup
Attacker Motivation
Example.htaccess infection
Registrars
IP address
Backdoor evolution
Collection
Getting backdoors from attack logs
Dead Simple
Base64 decode
Regex revenge
Variables as functions
Backdoor Conclusions
Further Reading
Related Courses
Information Security Management in a NutshellSAP Learning Identifying, Monitoring, and Analyzing Risk and Incident Response and Recovery
(ISC)² via Coursera Enterprise Security Fundamentals
Microsoft via edX Planning a Security Incident Response
Microsoft via edX Introduction to Cybersecurity
Udacity