Modern Web Application Bugs
Offered By: NDC Conferences via YouTube
Course Description
Overview
Save Big on Coursera Plus. 7,000+ courses at $160 off. Limited Time Only!
Explore modern web application vulnerabilities in this comprehensive conference talk. Delve into emerging security issues gaining popularity through bug bounty programs. Walk through lesser-known and new vulnerability classes, understanding how they manifest in contemporary web applications. Learn detection techniques and mitigation strategies for these threats. Cover topics including Blind XXE, JSON serialization, deserialization attack gadgets, custom deserialization attacks, template injection, server-side request forgery (SSRF), subdomain takeover, web cache poisoning, and GraphQL gotchas. Gain insights into common mistakes, protection methods, and testing approaches for each vulnerability type. Discover the underlying causes and complexities of these security issues, including tricky headers and IP address blacklisting challenges. Benefit from practical examples, crowd demonstrations, and valuable resources to enhance your web application security knowledge.
Syllabus
about me
Blind XXE
Stopping XXE
JSON serialization
Deserialization Attack Gadgets
Custom deserialization attacks
Underlying cause
Stopping insecure deserialization
Templating frameworks
Testing for template injection
Stopping template injection
Common mistakes
Server side requests
SSRF - Server-Side Request Forgery
SSRF - internal services
IP-adresses - Blacklisting is hard...
Broken URL parsing
Protection
Subdomain takeover/hijacking
Cloud services
Example
Subdomain takeover - Impact
Crowd demo
Tricky headers
Complicating the attack
Stopping web cache poisoning
What is this?
GraphQL gotchas
Resources
Taught by
NDC Conferences
Related Courses
Web Security Academy Learning PathPortSwigger via Independent OWASP Top 10: #7 XSS and #8 Insecure Deserialization
LinkedIn Learning Advanced Cyber Security Training: OWASP Top 10 and Web Application Fundamentals
EC-Council via FutureLearn Protecting Against XML External Entity and Deserialization Attacks in ASP.NET and ASP.NET Core
Pluralsight Specialized Testing: Deserialization
Pluralsight