Modern Web Vulnerabilities 2020
Offered By: NDC Conferences via YouTube
Course Description
Overview
Explore modern web vulnerabilities in this comprehensive conference talk from NDC Security. Delve into the evolution of lesser-known web application vulnerabilities that have gained prominence through bug bounty programs since 2018. Examine recurring issues and newly surfaced vulnerabilities, complete with live demonstrations. Gain insights into the causes of these bugs, learn detection techniques, and discover effective mitigation strategies. Cover topics such as insecure deserialization, server-side request forgery, edge side includes, JavaScript prototype pollution, API vulnerabilities, and HTTP request smuggling. Enhance your understanding of web security challenges and equip yourself with the knowledge to identify and eliminate these threats in your applications.
Syllabus
Intro
NDC Security 2018
Insecure Deserialization
SSRF - Server Side Request Forgery
Edge Side Includes
Reverse proxy with caching
Dangers of ESI Injection
Finding and stopping ESI injection
JavaScript prototypes
Example: Logger definition
Exploring prototypes
Prototypes are mutable!
Common JavaScript patterns
Attack vectors
Avoiding prototype pollution attacks
Common API Problems
Classic HTTP Request smuggling
Detection and protection
Taught by
NDC Conferences
Related Courses
Advanced Cyber Security Training: OWASP Top 10 and Web Application FundamentalsEC-Council via FutureLearn An Introduction to OWASP Top 10 Vulnerabilities
Udemy Protecting Against XML External Entity and Deserialization Attacks in ASP.NET and ASP.NET Core
Pluralsight OWASP Top 10: #7 XSS and #8 Insecure Deserialization
LinkedIn Learning Previous OWASP Risks
Infosec via Coursera