Video Description

In this lab-based lesson, participants learn how to use the FireFox plugin TamperData to accomplish the task which is to be able to login to a financial account as a different user in order to obtain a transaction number and access data. Participants learn how to tamper with data and manipulate in the hidden field (in this case changing Joe to Jane). This shows how easy it is to spoof data.

Course Modules

Secure Coding

Lab Setup

06:48
Part 1 Intro
05:28
Part 2 Lab Setup
13:14
Part 3 BurpSuite
03:17
Part 4 Mutillidae

Injections

01:27
Part 1 Intro
12:08
Part 2 Explanations
03:24
Part 3 SQL Injection Demo
02:37
Part 4 Command Injection Demo
06:58
Part 5 JSON Injection Demo
06:30
Part 6 Defenses
02:43
Part 7 Lab Solution

Session Management

01:13
Part 1 Intro
14:13
Part 2 Explanations
03:58
Part 3 CookieManipulation Demo
11:41
Part 4 Username Enum Demo
06:00
Part 5 BruteForce Demo
05:35
Part 6 Defenses
02:15
Part 7 Lab Solution 1
02:54
Part 8 Lab Solutions 2
03:03
Part 9 Lab Solutions 3

Cross Site Scripting

01:14
Part 1 Intro
10:27
Part 2 Explanations
05:23
Part 3 Reflected XSS HTML context Demo
10:44
Part 4 Reflected XSS JS context Demo
06:34
Part 5 Stored Demo
13:57
Part 6 Defenses
04:44
Part 7 Lab Solutions 1
02:57
Part 8 Lab Solutions 2

Direct Object Reference

01:12
Part 1 Intro
12:37
Part 2 Explanations
07:28
Part 3 IDOR files tokens Demo
04:23
Part 4 IDO urls tokens Demo
07:44
Part 5 Defenses
02:44
Part 6 Lab Solutions

Security Configuration

01:23
Part 1 Intro
08:40
Part 2 Explanations
05:05
Part 3 Dir Demo
05:32
Part 4 XXE Demo
07:54
Part 5 User Agent Demo
08:58
Part 6 Defenses
01:55
Part 7 Lab Solutions

Sensitive Data Exposure

01:29
Part 1 Intro
10:02
Part 2 Explanations
02:45
Part 3 Comments Demo
05:18
Part 4 HiddenPages Demo
08:41
Part 5 HTMLS Web Storage Demo
11:42
Part 6 Defenses

Function Level Access

01:08
Part 1 Intro
13:30
Part 2 Explanations
03:32
Part 3 Role Demo
06:46
Part 4 Defenses
05:31
Part 5 Missing FL AC Lab

Cross-site Request Forgery

01:05
Part 1 Intro
07:28
Part 2 Explanations
07:35
Part 3 CSRF JS Demo
06:45
Part 4 Entropy Demo
07:05
Part 5 CSRF Defenses
05:25
Part 6 CSRF Lab Solution
01:09
Part 1 Intro
05:40
Part 2 Explanations
04:51
Part 3 Libraries & CVSS Demo
04:31
Part 4 Defenses
04:28
Part 5 WebGoat Library CVSS Lab
00:59
Part 1 Intro
04:06
Part 2 Explanations
05:25
Part 3 Unvalidated URLs Demo
04:29
Part 4 Defenses
04:00
Part 5 JS redirect Lab
01:06
Part 1 Intro
11:43
Part 2 Explanations
09:49
Part 3 Classic BufferOverflow Demo
04:46
Part 4 Defenses
05:19
Part 5 WebGoat BO OffByOne Lab
01:09
Part 1 Intro
08:55
Part 2 Explanations
03:51
Part 3 FileUpload Demo
07:22
Part 4 Defenses
04:56
Part 5 WebGoat FileUpload Lab
01:16
Part 1 Intro
06:54
Part 2 Explanations
02:50
Part 3 Risky Resource Mgmt Demo
11:59
Part 4 Defenses
04:22
Part 5 Lab Defenses
01:06
Part 1 Intro
11:45
Part 2 Explanations
02:19
Part 3 JS Validation Bypass Demo
06:02
Part 4 Defenses
06:57
Part 5 HTTP Response Splitting Lab
00:57
Part 1 Intro
12:58
Part 2 Explanations
03:54
Part 3 Lab
01:00
Part 1 Intro
08:16
Part 2 Explanations
01:23
Part 1 Intro
25:50
Part 2 Explanations
10:20
Part 3 Card Game Demo
00:00
Secure Coding