YoVDO

Modern Web Application Bugs

Offered By: NDC Conferences via YouTube

Tags

NDC Conferences Courses
GraphQL Courses
Web Application Security Courses
Vulnerability Assessment Courses
Insecure Deserialization Courses

Course Description

Overview

Explore modern web application vulnerabilities in this conference talk. It focuses on vulnerability classes that have come to prominence through bug bounty programs, walking through lesser-known and newer bug types and how they show up in contemporary web applications, together with detection techniques and mitigations for each. Topics include Blind XXE, JSON serialization, deserialization attack gadgets, custom deserialization attacks, template injection, server-side request forgery (SSRF), subdomain takeover, web cache poisoning, and GraphQL gotchas. For each vulnerability type the talk covers common mistakes, protection methods, and testing approaches, and explains the underlying causes and complications, including tricky headers in cache poisoning and why IP address blacklisting is hard to get right for SSRF. The session includes practical examples, a crowd demo, and a list of resources for further study.
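The syllabus items "IP addresses - Blacklisting is hard..." and "Broken URL parsing" point at a recurring SSRF mistake: filtering on the hostname string. The Python below is an added example written for this page, not code from the NDC talk; the DNS answers in FAKE_DNS, the hostnames metadata.internal and www.example.com, and all function names are constructed for the illustration. It puts a string denylist beside a check that parses the URL with a real parser, normalizes IP literals the way inet_aton() does (decimal, octal, hex, shorthand, IPv4-mapped IPv6), resolves names, and judges the resulting addresses rather than the text.

```python
"""Added example: string-based SSRF denylist beside an address-based check.
Not code from the NDC talk; hostnames and DNS answers are constructed."""
import ipaddress
from typing import Optional, Union
from urllib.parse import urlsplit

# Constructed DNS answers so the example runs offline (hypothetical names).
FAKE_DNS = {
    "www.example.com": ["93.184.216.34"],
    "metadata.internal": ["169.254.169.254"],
}

# The kind of denylist frequently found in real code: exact host strings.
DENYLIST = {"127.0.0.1", "localhost", "0.0.0.0", "169.254.169.254"}


def naive_is_blocked(url: str) -> bool:
    """Hand-rolled host extraction plus a string denylist. Every URL in
    BYPASS_URLS gets past it, because it never sees the real destination."""
    host = url.split("/")[2].split(":")[0]   # breaks on userinfo and [v6]
    return host in DENYLIST


def parse_legacy_ipv4(host: str) -> Optional[ipaddress.IPv4Address]:
    """Mimic the inet_aton() grammar that glibc and libcurl accept: 1-4 parts,
    each decimal, 0-prefixed octal or 0x-prefixed hex, the last part widened
    to fill the remaining bytes. Returns None if the string is not such an address."""
    parts = host.split(".")
    if not 1 <= len(parts) <= 4:
        return None
    values = []
    for part in parts:
        if part.lower().startswith("0x"):
            base, digits = 16, part[2:]
        elif len(part) > 1 and part.startswith("0"):
            base, digits = 8, part[1:]
        else:
            base, digits = 10, part
        # Reject empty, signed, underscored or padded input before int() sees it.
        if not digits or not all(c in "0123456789abcdefABCDEF" for c in digits):
            return None
        try:
            values.append(int(digits, base))
        except ValueError:
            return None
    width = 4 - (len(values) - 1)           # bytes the final part must fill
    if any(v > 255 for v in values[:-1]) or values[-1] >= 256 ** width:
        return None
    packed = 0
    for v in values[:-1]:
        packed = (packed << 8) | v
    packed = (packed << (8 * width)) | values[-1]
    return ipaddress.IPv4Address(packed)


def host_to_address(host: str) -> Optional[Union[ipaddress.IPv4Address, ipaddress.IPv6Address]]:
    """Return the address a hostname literal denotes, unwrapping IPv4-mapped
    IPv6 (::ffff:127.0.0.1). None means the host is a name that needs DNS."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return parse_legacy_ipv4(host)
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip


def is_internal(ip: Union[ipaddress.IPv4Address, ipaddress.IPv6Address]) -> bool:
    """Anything not routable on the public internet counts as internal,
    not just RFC 1918 space: loopback, link-local (cloud metadata), multicast,
    reserved, unspecified and shared address space."""
    return (ip.is_private or ip.is_loopback or ip.is_link_local or ip.is_multicast
            or ip.is_reserved or ip.is_unspecified or not ip.is_global)


def hardened_is_blocked(url: str, resolve=FAKE_DNS.get) -> bool:
    """Parse with urlsplit, normalize IP literals, resolve names, and judge
    every address. Unparseable or unresolvable input is blocked by default."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return True
    host = parts.hostname                    # userinfo and [] already stripped
    literal = host_to_address(host)
    addresses = ([literal] if literal is not None
                 else [ipaddress.ip_address(a) for a in (resolve(host) or [])])
    if not addresses:
        return True
    return any(is_internal(a) for a in addresses)


BYPASS_URLS = [
    "http://2130706433/",                          # decimal 127.0.0.1
    "http://0x7f000001/",                          # hex 127.0.0.1
    "http://017700000001/",                        # octal 127.0.0.1
    "http://127.1/",                               # shorthand 127.0.0.1
    "http://0/",                                   # 0.0.0.0
    "http://[::ffff:127.0.0.1]/",                  # IPv4-mapped IPv6
    "http://user@127.0.0.1/",                      # userinfo defeats split("/")[2]
    "http://metadata.internal/latest/meta-data/",  # name resolving to link-local
]


def compare(urls=BYPASS_URLS):
    """Map each URL to (naive_blocked, hardened_blocked)."""
    return {u: (naive_is_blocked(u), hardened_is_blocked(u)) for u in urls}


if __name__ == "__main__":
    for url, (naive, hard) in compare().items():
        print(f"{url:46} naive={'BLOCK' if naive else 'allow':5} hardened={'BLOCK' if hard else 'allow'}")
    print("https://www.example.com/  hardened blocked:", hardened_is_blocked("https://www.example.com/"))
```

Even the hardened check only decides which address may be contacted; the fetch must then connect to that same address (pin it rather than resolving a second time) and re-run the check on every redirect, otherwise DNS rebinding and open redirects reopen the hole the denylist was meant to close.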

Syllabus

about me
Blind XXE
Stopping XXE
JSON serialization
Deserialization Attack Gadgets
Custom deserialization attacks
Underlying cause
Stopping insecure deserialization
Templating frameworks
Testing for template injection
Stopping template injection
Common mistakes
Server side requests
SSRF - Server-Side Request Forgery
SSRF - internal services
IP addresses - Blacklisting is hard...
Broken URL parsing
Protection
Subdomain takeover/hijacking
Cloud services
Example
Subdomain takeover - Impact
Crowd demo
Tricky headers
Complicating the attack
Stopping web cache poisoning
What is this?
GraphQL gotchas
Resources


Taught by

NDC Conferences

Related Courses

Web Security Academy Learning Path
PortSwigger via Independent
OWASP Top 10: #7 XSS and #8 Insecure Deserialization
LinkedIn Learning
Advanced Cyber Security Training: OWASP Top 10 and Web Application Fundamentals
EC-Council via FutureLearn
Protecting Against XML External Entity and Deserialization Attacks in ASP.NET and ASP.NET Core
Pluralsight
Specialized Testing: Deserialization
Pluralsight