YoVDO

Modern Web Vulnerabilities 2020

Offered By: NDC Conferences via YouTube

Tags

NDC Conferences Courses
Web Application Security Courses
Insecure Deserialization Courses
HTTP Request Smuggling Courses

Course Description

Overview

Explore modern web vulnerabilities in this comprehensive conference talk from NDC Security. Delve into the evolution of lesser-known web application vulnerabilities that have gained prominence through bug bounty programs since 2018. Examine recurring issues and newly surfaced vulnerabilities, complete with live demonstrations. Gain insights into the causes of these bugs, learn detection techniques, and discover effective mitigation strategies. Cover topics such as insecure deserialization, server-side request forgery, edge side includes, JavaScript prototype pollution, API vulnerabilities, and HTTP request smuggling. Enhance your understanding of web security challenges and equip yourself with the knowledge to identify and eliminate these threats in your applications.

Syllabus

Intro
NDC Security 2018
Insecure Deserialization
SSRF - Server Side Request Forgery
Edge Side Includes
Reverse proxy with caching
Dangers of ESI Injection
Finding and stopping ESI injection
JavaScript prototypes
Example: Logger definition
Exploring prototypes
Prototypes are mutable!
Common JavaScript patterns
Attack vectors
Avoiding prototype pollution attacks
Common API Problems
Classic HTTP Request smuggling
Detection and protection


Taught by

NDC Conferences

Related Courses

Advanced Cyber Security Training: OWASP Top 10 and Web Application Fundamentals
EC-Council via FutureLearn
An Introduction to OWASP Top 10 Vulnerabilities
Udemy
Protecting Against XML External Entity and Deserialization Attacks in ASP.NET and ASP.NET Core
Pluralsight
OWASP Top 10: #7 XSS and #8 Insecure Deserialization
LinkedIn Learning
Previous OWASP Risks
Infosec via Coursera