Beyond OWASP Top 10 by Aaron Hnatiw - Hack in Paris - 2017
Offered By: Hack in Paris via YouTube
Course Description
Overview
Explore five dangerous web application vulnerabilities beyond the OWASP Top 10 in this 45-minute conference talk from Hack in Paris 2017. Delve into the intricacies of Output Encoding, Regular Expressions, Server Side Request Forgery, and more, as Aaron Hnatiw provides both exploitation techniques and mitigation strategies for each vulnerability. Learn how these lesser-known security risks can impact web applications and gain valuable insights for developers and pentesters alike. Discover practical testing methods, defense mechanisms, and the importance of protocol whitelisting to enhance your web application security knowledge beyond standard categorizations.
Syllabus
Intro
What is Top 10
Coverage
CWE
Vulnerability Testing
Output Encoding
Regular Expressions
Server Side Request forgery
Bypass firewalls
Google Digg vulnerability
How to test for serverside request forgery
How to defend against serverside request forgery
Whitelisting protocols
Review
Taught by
Hack in Paris
Related Courses
NetflOSINT- Taking an Often-Overlooked Data Source and Operationalizing It - Joe Gray - Hack in ParisHack in Paris via YouTube All Roads Lead to OpenVPN Pwning Industrial Remote Access Clients - Sharon Brizinov - Hack in Paris - 2021
Hack in Paris via YouTube Exploits in Wetware - R. Sell - Hack in Paris - 2019
Hack in Paris via YouTube All Your GPS Trackers Belong to Us - C. Kasmi, P. Barre - Hack in Paris - 2019
Hack in Paris via YouTube In NTDLL I Trust - Process Reimaging and Endpoint Security Solution Bypass - E. Carroll - Hack in Paris - 2019
Hack in Paris via YouTube