Course Content

Module 1: Introduction

1.1 Intro (06:48)
1.2 Lab Setup (05:28)
1.3 BurpSuite (13:14)
1.4 Mutillidae (03:17)

Module 2: OWASP Top 10 A1 Injection

2.1 Intro (01:27)
2.2 Explanations (12:08)
2.3 SQL Injection Demo (03:24)
2.4 Command Injection Demo (02:37)
2.5 JSON Injection Demo (06:58)
2.6 Defenses (06:30)
2.7 Lab Solution (02:43)

Module 3: OWASP Top 10 A2 Broken Authentication and Session Management

3.1 Intro (01:13)
3.2 Explanations (14:13)
3.3 Cookie Manipulation Demo (03:58)
3.4 Username Enumeration Demo (11:41)
3.5 Brute Force Demo (06:00)
3.6 Defenses (05:35)
3.7 Lab Solution 1 (02:15)
3.8 Lab Solution 2 (02:54)
3.9 Lab Solution 3 (03:03)

Module 4: OWASP Top 10 A3 Cross-site Scripting

4.1 Intro (01:14)
4.2 Explanations (10:27)
4.3 Reflected XSS HTML Context Demo (05:23)
4.4 Reflected XSS JS Context Demo (10:44)
4.5 Stored XSS Demo (06:34)
4.6 Defenses (13:57)
4.7 Lab Solutions 1 (04:44)
4.8 Lab Solutions 2 (02:57)

Module 5: OWASP Top 10 A4 Insecure Direct Object Reference

5.1 Intro (01:12)
5.2 Explanations (12:37)
5.3 IDOR File Tokens Demo (07:28)
5.4 IDOR URL Tokens Demo (04:23)
5.5 Defenses (07:44)
5.6 Lab Solutions (02:44)

Module 6: OWASP Top 10 A5 Security Misconfiguration

6.1 Intro (01:23)
6.2 Explanations (08:40)
6.3 Directory Demo (05:05)
6.4 XXE Demo (05:32)
6.5 User Agent Demo (07:54)
6.6 Defenses (08:58)
6.7 Lab Solutions (01:55)

Module 7: OWASP Top 10 A6 Sensitive Data Exposure

7.1 Intro (01:29)
7.2 Explanations (10:02)
7.3 Comments Demo (02:45)
7.4 Hidden Pages Demo (05:18)
7.5 HTML5 Web Storage Demo (08:41)
7.6 Defenses (11:42)

Module 8: OWASP Top 10 A7 Missing Function Level Access Control

8.1 Intro (01:08)
8.2 Explanations (13:30)
8.3 Role Demo (03:32)
8.4 Defenses (06:46)
8.5 Missing Function Level Access Control Lab (05:31)

Module 9: OWASP Top 10 A8 Cross-site Request Forgery

9.1 Intro (01:05)
9.2 Explanations (07:28)
9.3 CSRF JS Demo (07:35)
9.4 Entropy Demo (06:45)
9.5 CSRF Defenses (07:05)
9.6 CSRF Lab Solution (05:25)

Module 10: OWASP Top 10 A9 Using Components with Known Vulnerabilities

10.1 Intro (01:09)
10.2 Explanations (05:40)
10.3 Libraries & CVSS Demo (04:51)
10.4 Defenses (04:31)
10.5 WebGoat Library CVSS Lab (04:28)

Module 11: OWASP Top 10 A10 Unvalidated Redirects and Forwards

11.1 Intro (00:59)
11.2 Explanations (04:06)
11.3 Unvalidated URLs Demo (05:25)
11.4 Defenses (04:29)
11.5 JS Redirect Lab (04:00)

Module 12: CWE/SANS Top 25 Buffer Overflows

12.1 Intro (01:06)
12.2 Explanations (11:43)
12.3 Classic Buffer Overflow Demo (09:49)
12.4 Defenses (04:46)
12.5 WebGoat Buffer Overflow Off-By-One Lab (05:19)

Module 13: CWE/SANS Top 25 Insecure Interaction Between Components

13.1 Intro (01:09)
13.2 Explanations (08:55)
13.3 File Upload Demo (03:51)
13.4 Defenses (07:22)
13.5 WebGoat File Upload Lab (04:56)

Module 14: CWE/SANS Top 25 Risky Resource Management

14.1 Intro (01:16)
14.2 Explanations (06:54)
14.3 Risky Resource Management Demo (02:50)
14.4 Defenses (11:59)
14.5 Lab Defenses (04:22)

Module 15: CWE/SANS Top 25 Porous Defenses

15.1 Intro (01:06)
15.2 Explanations (11:45)
15.3 JS Validation Bypass Demo (02:19)
15.4 Defenses (06:02)
15.5 HTTP Response Splitting Lab (06:57)

Module 16: Honorable Mentions

16.1 Intro (00:57)
16.2 Explanations (12:58)
16.3 Lab (03:54)

Module 17: Active Defenses

17.1 Intro (01:00)
17.2 Explanations (08:16)

Module 18: Threat Modeling

18.1 Intro (01:23)
18.2 Explanations (25:50)
18.3 Card Game Demo (10:20)

Course Description

About Cybrary's Secure Coding Training Course

In this course, participants are introduced to the primary best practices of secure coding, including the following:

• Lab tools and vulnerable web apps
• OWASP Top 10 for 2013
• SANS Top 25 for 2011
• Active Defenses
• Threat Modelling

Knowing the principles behind secure coding carries a variety of benefits for individuals and employees who write code and build applications and software products. Some of the main benefits include:

• Protection of applications
• Protection of intellectual property
• Protection of business reputation
• Compliance with government and industry mandates (e.g. PCI DSS / PA-DSS)

The instructor also discusses how secure coding is important for lowering risk and reducing vulnerabilities. Learn about XSS, Direct Object Reference, Data Exposure, Buffer Overflows, Resource Management, Active Defenses, and Threat Modeling. If you know what these vulnerabilities look like, you will have a better chance of engineering products that protect against them. This secure coding course is a language-agnostic class that every engineer should take!

Instructor: @sunnywear
Course Length: 9.5 hours