Cookies are interesting for attackers because of the sensitive data they store. This course, Web App Hacking: Cookie Attacks, will teach you how to avoid the severe consequences of insecure cookie processing. First, you'll learn how cookies with sensitive data can leak over insecure channel. Next, you'll learn how the attacker can hijack cookies remotely. You'll also learn about weaknesses in cookie lifecycle and see one of the most underestimated cookie attacks - XSS via cookie. Finally, you'll learn how the attacker can tamper remotely with cookies of the user. By the end of the course, you'll know how cookie attacks work in practice and how to test web applications for various cookie processing flaws. What's more, you will learn how to process cookies securely.
Overview
Cookies are interesting for attackers because of the sensitive data they store. This course, Web App Hacking: Cookie Attacks, will teach you how to avoid the severe consequences of insecure cookie processing. First, you'll learn how cookies with sensitive data can leak over insecure channel. Next, you'll learn how the attacker can hijack cookies remotely. You'll also learn about weaknesses in cookie lifecycle and see one of the most underestimated cookie attacks - XSS via cookie. Finally, you'll learn how the attacker can tamper remotely with cookies of the user. By the end of the course, you'll know how cookie attacks work in practice and how to test web applications for various cookie processing flaws. What's more, you will learn how to process cookies securely.
Syllabus
- Course Overview 1min
- Introduction 6mins
- Leakage of Cookie with Sensitive Data 8mins
- Cookie Hijacking 9mins
- Weaknesses in Cookie Lifecycle 11mins
- Underestimated Risk: XSS via Cookie 11mins
- Remote Cookie Tampering 8mins
- Summary 5mins
Taught by
Dawid Czagan
