What Your Web Vulnerability Scanners Aren't Telling You
Offered By: YouTube
Course Description
Overview
Explore the limitations of automated web vulnerability scanners in this 41-minute conference talk from Louisville Infosec 2014. Delve into common vulnerabilities often overlooked by scanners, including logic flaws, insecure authentication practices, and access control issues. Learn about weak password policies, user enumeration, lack of account lockout, and password reset flaws. Discover defense strategies against account harvesting and insecure CAPTCHA implementations. Examine client-side concerns and the dangers of assuming web obscurity. Gain valuable insights and takeaways to enhance your web security practices beyond automated scanning.
Syllabus
Intro
Introductions
Background & Observations
Automated Web Vulnerability Scanners
Common Vulns Scanners Miss
Logic flaws
Logic flaw defense
Insecure Authentication: Weak Password Policy
Insecure Authentication: User Enumeration
Insecure Authentication: Lack of Account Lockout
Insecure Authentication: Password Reset Flaws
Account Harvesting Defense
Insecure CAPTCHA
Access Control & Privilege Escalation
Client-side concerns
Assumption of web obscurity
Takeaways
Reach Out
Related Courses
Authentication & Authorization: OAuth (Udacity)
Desarrollo de Aplicaciones Web: Seguridad (University of New Mexico via Coursera)
Web Application Development: Security (University of New Mexico via Coursera)
Hacking and Patching (University of Colorado System via Coursera)
Fundamentals of Computer Network Security (University of Colorado System via Coursera)