Basic Web Applications Security
Offered By: code::dive conference via YouTube
Course Description
Overview
Explore basic web application security vulnerabilities and their prevention in this code::dive 2018 conference talk. Dive into SQL Injection, Cross-Site Scripting (XSS), and Cross-Site Request Forgery (CSRF) through live demonstrations and real-world examples. Learn how to detect, exploit, and fix these common security issues using a Java-based web application built with Spring Boot. Witness practical hacking techniques, including authentication bypass, database content retrieval, session hijacking, and unauthorized actions. Gain insights into effective protection methods such as parameter binding, encoding, and double submit cookies. Suitable for developers with basic programming knowledge in any language, this hands-on lecture provides essential skills for building more secure web applications.
Syllabus
Intro
SQL Injection: Did you know?
SQL Injection: Bypassing authentication
SQL Injection: Retrieving sensitive data
SQL Injection Protection
Parameters Binding: How does it work?
SQL Injection: Summary
Cross-Site Scripting (XSS)
Reflected XSS
XSS Payloads
XSS Protection: Encoding
XSS Example: Safari Books
XSS: Summary
Cross-Site Request Forgery (CSRF)
CSRF Example
CSRF Prevention: Double submit cookie
CSRF: Summary
Taught by
code::dive conference
Related Courses
From Developer to SW Architectcode::dive conference via YouTube Stop Writing Test Doubles You Are Using
code::dive conference via YouTube You Can Do Better! Presentations That Are Captivating
code::dive conference via YouTube What C and C++ Developers Can Learn from Rust
code::dive conference via YouTube Beautiful Python Refactoring II
code::dive conference via YouTube