YoVDO

Modern Web Vulnerabilities 2020

Offered By: NDC Conferences via YouTube

Tags

NDC Conferences Courses Web Application Security Courses Insecure Deserialization Courses HTTP Request Smuggling Courses

Course Description

Overview

Save Big on Coursera Plus. 7,000+ courses at $160 off. Limited Time Only!
Explore modern web vulnerabilities in this comprehensive conference talk from NDC Security. Delve into the evolution of lesser-known web application vulnerabilities that have gained prominence through bug bounty programs since 2018. Examine recurring issues and newly surfaced vulnerabilities, complete with live demonstrations. Gain insights into the causes of these bugs, learn detection techniques, and discover effective mitigation strategies. Cover topics such as insecure deserialization, server-side request forgery, edge side includes, JavaScript prototype pollution, API vulnerabilities, and HTTP request smuggling. Enhance your understanding of web security challenges and equip yourself with the knowledge to identify and eliminate these threats in your applications.

Syllabus

Intro
NDC Security 2018
Insecure Deserialization
SSRF - Server Side Request Forgery
Edge Side Includes
Reverse proxy with caching
Dangers of ESI Injection
Finding and stopping ESI injection
JavaScript prototypes
Example: Logger definition
Exploring prototypes
Prototypes are mutable!
Common JavaScript patterns
Attack vectors
Avoiding prototype pollution attacks
Common API Problems
Classic HTTP Request smuggling
Detection and protection


Taught by

NDC Conferences

Related Courses

HTTP Request Smuggling in 2020 - New Variants, New Defenses and New Challenges
Black Hat via YouTube HTTP Desync Attacks - Request Smuggling Reborn
Black Hat via YouTube Request Smuggling 101
NorthSec via YouTube Ekoparty #UniTalks Colombia - HTTP Request Smuggling
Ekoparty Security Conference via YouTube Practical Attacks Using HTTP Request Smuggling
NahamSec via YouTube