Security For Developers - An Offensive Approach
Published 4/2023
MP4 | Video: h264, 1280x720 | Audio: AAC, 44.1 KHz
Language: English | Size: 2.07 GB | Duration: 4h 28m
Develop ”Out-of-box” thinking related to web secure coding and see security from an offensive perspective
What you'll learn
Best practices when it comes to secure coding for web developers
OWASP Top 10 Web vulnerabilities
"Out-of-box thinking" when it comes to exploiting certain vulnerabilities
Learn certain tools and frameworks for offensive perspective
Requirements
Basic knowledge of the HTTP protocol, Linux and web development.
Description
You will learn to protect your web application by attacking it, by performing penetration testing on it. This course is rather theoretical with only some labs and demos.

Objectives
Develop ”Out-of-box” thinking
See security from an offensive perspective
Learn best security practices and (most and less) common attacks
Learn to defend your applications and infrastructure

Topics
Overview of Web Penetration Testing
OWASP Top Ten Web Vulnerabilities
API Top Ten vulnerabilities
HTTP Security Headers
JSON Web Tokens
Technical measures and best practices
Cryptography

Overview of Web Penetration Testing
Core problems
Web Technologies basics
Security Audit vs Vulnerability Assessment vs Pentest
Information Gathering
Scanning and Enumeration
Mapping the target surface
Attacking Users: Cross Site Scripting
Attacking the Server
Attacking Authentication
Attacking Data Stores

Top 10 API Security Vulnerabilities
API Vulnerabilities
Examples of vulnerabilities found in publicly accessible applications

OWASP Top Ten Web Vulnerabilities
A1 – Injection
A2 – Broken Authentication and Session Management
A3 – Cross-Site Scripting (XSS)
A4 – Insecure Direct Object References
A5 – Security Misconfiguration
A6 – Sensitive Data Exposure
A7 – Missing Function Level Access Control
A8 – Cross-Site Request Forgery (CSRF)
A9 – Using Components with Known Vulnerabilities
A10 – Unvalidated Redirects and Forwards
New additions in OWASP Top 10 - 2017
A4 – XML External Entities (XXE)
A5 – Broken Access Control
A8 – Insecure Deserialization
A10 – Insufficient Logging & Monitoring
New additions in 2021
Common Vulnerabilities: XSS, SQL Injection, CSRF, XXE, LFI

HTTP Security Headers
Understand HTTP security tokens and their role
HSTS - Strict-Transport-Security
CSP - Content-Security-Policy
CORS
X-Frame-Options
X-XSS-Protection
X-Content-Type-Options
Referrer-Policy
Cookie flags: HttpOnly, Secure

JSON Web Tokens
Understanding JSON Web Tokens
Token structure
When can you use JWT
Issues
What is JWT good for?
Best practices for JSON Web Tokens

Technical measures and best practices
Input Validation
Encoding
Bind Parameters for Database Queries
Protect Data in Transit
Hash and Salt Your Users' Passwords
Encrypt Data at Rest
Logging - Best practices
Authenticate Users Safely
Protect User Sessions
Authorize Actions

Cryptography
Cryptographic concepts
Algorithms
Cryptography and cryptanalysis tools
Cryptography attacks
Overview
Section 1: Introduction & Agenda
Lecture 1 Agenda
Lecture 2 VMs used to replicate the lab
Lecture 3 Additional Resources
Section 2: Overview of Web Penetration Testing
Lecture 4 Overview of Web Penetration Testing
Lecture 5 Information Gathering - Part 1
Lecture 6 Information Gathering - Part 2
Lecture 7 Information Gathering - Part 3
Lecture 8 Scanning and Enumeration
Lecture 9 Mapping
Lecture 10 Attacking the users - Reflected XSS
Lecture 11 Attacking the users - Stored XSS
Lecture 12 Attacking the users - CSRF, Clickjacking, Open Redirect
Lecture 13 Attacking the server - OS Command Injection
Lecture 14 Attacking the Server - SMTP Injection
Lecture 15 Attacking Authentication
Lecture 16 Attacking the Datastore - SQLi part 1
Lecture 17 Attacking the Datastore - SQLi part 2
Section 3: OWASP API Top 10 Vulnerabilities
Lecture 18 API OWASP Top 10 - Part 1
Lecture 19 API OWASP Top 10 - Part 2
Section 4: OWASP Web Top 10 Vulnerabilities
Lecture 20 Web OWASP Top 10
Section 5: HTTP Security Headers
Lecture 21 HTTP Security Headers
Section 6: JSON Web Tokens
Lecture 22 JSON Web Tokens
Section 7: Technical Measures and Best Practices
Lecture 23 Technical measures and best practices - part 1
Lecture 24 Technical measures and best practices - part 2
Section 8: Cryptography
Lecture 25 Cryptography - part 1
Lecture 26 Cryptography - part 2
Developers, Dev(Sec)Ops and software architects mostly
Also useful for system administrators, technical managers and CISOs
Ethical Hackers, Penetration Testers, Bug Bounty Fans