Video Description

In this lesson, participants receive a demonstration of a brute force attack. Using the mutilliidea application, participants receive step by step instructions in how to brute force attack an administrative account. After the attack runs, the instructor presents the results to participants and explains which accounts she was able to access via the attack.

Course Modules

Secure Coding

Introduction

06:48
Part 1 Intro
05:28
Part 2 Lab Setup
13:14
Part 3 BurpSuite
03:17
Part 4 Mutillidae

Module 01 OWASP Top 10 A1 Injection

01:27
Part 1 Intro
12:08
Part 2 Explanations
03:24
Part 3 SQL Injection Demo
02:37
Part 4 Command Injection Demo
06:58
Part 5 JSON Injection Demo
06:30
Part 6 Defenses
02:43
Part 7 Lab Solution

Module 02 OWASP Top 10 A2 Broken Authentication and Session Management

01:13
Part 1 Intro
14:13
Part 2 Explanations
03:58
Part 3 CookieManipulation Demo
11:41
Part 4 Username Enum Demo
06:00
Part 5 BruteForce Demo
05:35
Part 6 Defenses
02:15
Part 7 Lab Solution 1
02:54
Part 8 Lab Solutions 2
03:03
Part 9 Lab Solutions 3

Module 03 OWASP Top 10 A3 Cross-site Scripting

01:14
Part 1 Intro
10:27
Part 2 Explanations
05:23
Part 3 Reflected XSS HTML context Demo
10:44
Part 4 Reflected XSS JS context Demo
06:34
Part 5 Stored Demo
13:57
Part 6 Defenses
04:44
Part 7 Lab Solutions 1
02:57
Part 8 Lab Solutions 2

Module 04 OWASP Top 10 A4 Insecure Direct Object Reference

01:12
Part 1 Intro
12:37
Part 2 Explanations
07:28
Part 3 IDOR files tokens Demo
04:23
Part 4 IDO urls tokens Demo
07:44
Part 5 Defenses
02:44
Part 6 Lab Solutions

Module 05 OWASP Top 10 A5 Security Misconfiguration

01:23
Part 1 Intro
08:40
Part 2 Explanations
05:05
Part 3 Dir Demo
05:32
Part 4 XXE Demo
07:54
Part 5 User Agent Demo
08:58
Part 6 Defenses
01:55
Part 7 Lab Solutions

Module 06 OWASP Top 10 A6 Sensitive Data Exposure

01:29
Part 1 Intro
10:02
Part 2 Explanations
02:45
Part 3 Comments Demo
05:18
Part 4 HiddenPages Demo
08:41
Part 5 HTMLS Web Storage Demo
11:42
Part 6 Defenses

Module 07 OWASP Top 10 A7 Missing Function Level Access Control

01:08
Part 1 Intro
13:30
Part 2 Explanations
03:32
Part 3 Role Demo
06:46
Part 4 Defenses
05:31
Part 5 Missing FL AC Lab

Module 08 OWASP Top 10 A8 Cross-site Request Forgery

01:05
Part 1 Intro
07:28
Part 2 Explanations
07:35
Part 3 CSRF JS Demo
06:45
Part 4 Entropy Demo
07:05
Part 5 CSRF Defenses
05:25
Part 6 CSRF Lab Solution

Module 09 OWASP Top 10 A9 Using Components with Known Vulns

01:09
Part 1 Intro
05:40
Part 2 Explanations
04:51
Part 3 Libraries & CVSS Demo
04:31
Part 4 Defenses
04:28
Part 5 WebGoat Library CVSS Lab

Module 10 OWASP Top 10 A10 Unvalidated Redirects and Forwards

00:59
Part 1 Intro
04:06
Part 2 Explanations
05:25
Part 3 Unvalidated URLs Demo
04:29
Part 4 Defenses
04:00
Part 5 JS redirect Lab

Module 11 CWE SANS Top 25 Buffer Overflows

01:06
Part 1 Intro
11:43
Part 2 Explanations
09:49
Part 3 Classic BufferOverflow Demo
04:46
Part 4 Defenses
05:19
Part 5 WebGoat BO OffByOne Lab

Module 12 CWE SANS Top 25 Insecure Interaction Between Components

01:09
Part 1 Intro
08:55
Part 2 Explanations
03:51
Part 3 FileUpload Demo
07:22
Part 4 Defenses
04:56
Part 5 WebGoat FileUpload Lab

Module 13 CWE SANS Top 25 Risky Resource Management

01:16
Part 1 Intro
06:54
Part 2 Explanations
02:50
Part 3 Risky Resource Mgmt Demo
11:59
Part 4 Defenses
04:22
Part 5 Lab Defenses

Module 14 CWE SANS Top 25 Porous Defenses

01:06
Part 1 Intro
11:45
Part 2 Explanations
02:19
Part 3 JS Validation Bypass Demo
06:02
Part 4 Defenses
06:57
Part 5 HTTP Response Splitting Lab

Module 15 Honorable Mentions

00:57
Part 1 Intro
12:58
Part 2 Explanations
03:54
Part 3 Lab

Module 16 Active Defenses

01:00
Part 1 Intro
08:16
Part 2 Explanations

Module 17 Threat Modeling

01:23
Part 1 Intro
25:50
Part 2 Explanations
10:20
Part 3 Card Game Demo

Instructed By

Instructor Profile Image
Sunny Wear
Instructor