Video Description

This brief lesson introduces participants to the agenda of this module which will cover: Definition, Sample Code and Case study Demos: IDOR w/ files, IDOR with URLs, both show mitigation with tokenization Mitigations, countermeasures and defenses Lab and lab solutions

Course Modules

Secure Coding

Lab Setup

06:48
Part 1 Intro
05:28
Part 2 Lab Setup
13:14
Part 3 BurpSuite
03:17
Part 4 Mutillidae

Injections

01:27
Part 1 Intro
12:08
Part 2 Explanations
03:24
Part 3 SQL Injection Demo
02:37
Part 4 Command Injection Demo
06:58
Part 5 JSON Injection Demo
06:30
Part 6 Defenses
02:43
Part 7 Lab Solution

Session Management

01:13
Part 1 Intro
14:13
Part 2 Explanations
03:58
Part 3 CookieManipulation Demo
11:41
Part 4 Username Enum Demo
06:00
Part 5 BruteForce Demo
05:35
Part 6 Defenses
02:15
Part 7 Lab Solution 1
02:54
Part 8 Lab Solutions 2
03:03
Part 9 Lab Solutions 3

Cross Site Scripting

01:14
Part 1 Intro
10:27
Part 2 Explanations
05:23
Part 3 Reflected XSS HTML context Demo
10:44
Part 4 Reflected XSS JS context Demo
06:34
Part 5 Stored Demo
13:57
Part 6 Defenses
04:44
Part 7 Lab Solutions 1
02:57
Part 8 Lab Solutions 2

Direct Object Reference

01:12
Part 1 Intro
12:37
Part 2 Explanations
07:28
Part 3 IDOR files tokens Demo
04:23
Part 4 IDO urls tokens Demo
07:44
Part 5 Defenses
02:44
Part 6 Lab Solutions

Security Configuration

01:23
Part 1 Intro
08:40
Part 2 Explanations
05:05
Part 3 Dir Demo
05:32
Part 4 XXE Demo
07:54
Part 5 User Agent Demo
08:58
Part 6 Defenses
01:55
Part 7 Lab Solutions

Sensitive Data Exposure

01:29
Part 1 Intro
10:02
Part 2 Explanations
02:45
Part 3 Comments Demo
05:18
Part 4 HiddenPages Demo
08:41
Part 5 HTMLS Web Storage Demo
11:42
Part 6 Defenses

Function Level Access

01:08
Part 1 Intro
13:30
Part 2 Explanations
03:32
Part 3 Role Demo
06:46
Part 4 Defenses
05:31
Part 5 Missing FL AC Lab

Cross-site Request Forgery

01:05
Part 1 Intro
07:28
Part 2 Explanations
07:35
Part 3 CSRF JS Demo
06:45
Part 4 Entropy Demo
07:05
Part 5 CSRF Defenses
05:25
Part 6 CSRF Lab Solution
01:09
Part 1 Intro
05:40
Part 2 Explanations
04:51
Part 3 Libraries & CVSS Demo
04:31
Part 4 Defenses
04:28
Part 5 WebGoat Library CVSS Lab
00:59
Part 1 Intro
04:06
Part 2 Explanations
05:25
Part 3 Unvalidated URLs Demo
04:29
Part 4 Defenses
04:00
Part 5 JS redirect Lab
01:06
Part 1 Intro
11:43
Part 2 Explanations
09:49
Part 3 Classic BufferOverflow Demo
04:46
Part 4 Defenses
05:19
Part 5 WebGoat BO OffByOne Lab
01:09
Part 1 Intro
08:55
Part 2 Explanations
03:51
Part 3 FileUpload Demo
07:22
Part 4 Defenses
04:56
Part 5 WebGoat FileUpload Lab
01:16
Part 1 Intro
06:54
Part 2 Explanations
02:50
Part 3 Risky Resource Mgmt Demo
11:59
Part 4 Defenses
04:22
Part 5 Lab Defenses
01:06
Part 1 Intro
11:45
Part 2 Explanations
02:19
Part 3 JS Validation Bypass Demo
06:02
Part 4 Defenses
06:57
Part 5 HTTP Response Splitting Lab
00:57
Part 1 Intro
12:58
Part 2 Explanations
03:54
Part 3 Lab
01:00
Part 1 Intro
08:16
Part 2 Explanations
01:23
Part 1 Intro
25:50
Part 2 Explanations
10:20
Part 3 Card Game Demo
00:00
Secure Coding