How to Hack OWASP Juice Shop - A Guided Walkthrough Showing All Solutions

via YouTube

Overview

This web security course covers a wide range of topics, including improper input validation, sensitive data exposure, cross-site scripting, security misconfiguration, unvalidated redirects, broken authentication, broken access control, cryptographic issues, injection, vulnerable components, and broken anti-automation. The course objectives are to understand the different types of vulnerabilities and how to defend against them by employing secure coding practices in web applications. The ultimate goal is to identify and fix weaknesses and potential attack vectors for web applications and APIs.

Syllabus

★ Zero Stars (Improper Input Validation).
★ Confidential Document (Sensitive Data Exposure).
★ DOM XSS (XSS).
★ Error Handling (Security Misconfiguration).
★ Missing Encoding (Improper Input Validation).
★ Outdated Whitelist (Unvalidated Redirects).
★ Privacy Policy (Miscellaneous).
★ Repetitive Registration (Improper Input Validation).
★★ Login Admin (Injection).
★★ Classic Stored XSS (XSS).
★★ Admin Section (Broken Access Control).
★★ Deprecated Interface (Security Misconfiguration).
★★ Five Star Feedback (Broken Access Control).
★★ Login MC SafeSearch (Sensitive Data Exposure).
★★ Password Strength (Broken Authentication).
★★ Security Policy (Miscellaneous).
★★ View Basket (Broken Access Control).
★★ Weird Crypto (Cryptographic Issues).
★★★ API-Only XSS (XSS).
★★★ Admin Registration (Improper Input Validation).
★★★ Björn's Favorite Pet (Broken Authentication).
★★★ Captcha Bypass (Broken Anti Automation).
★★★ Client-side XSS Protection (XSS).
★★★ Database Schema (Injection).
★★★ Forged Feedback (Broken Access Control).
★★★ Forged Review (Broken Access Control).
★★★ GDPR Data Erasure (Broken Authentication).
★★★ Login Amy (Sensitive Data Exposure).
★★★ Login Bender (Injection).
★★★ Login Jim (Injection).
★★★ Manipulate Basket (Broken Access Control).
★★★ Payback Time (Improper Input Validation).
★★★ Privacy Policy Inspection (Security through Obscurity).
★★★ Product Tampering (Broken Access Control).
★★★ Reset Jim's Password (Broken Authentication).
★★★ Upload Size (Improper Input Validation).
★★★ Upload Type (Improper Input Validation).
★★★★ Access Log (Sensitive Data Exposure).
★★★★ Ephemeral Accountant (SQL-Injection).
★★★★ Expired Coupon (Improper Input Validation).
★★★★ Forgotten Developer Backup (Sensitive Data Exposure).
★★★★ Forgotten Sales Backup (Sensitive Data Exposure).
★★★★ GDPR Data Theft (Sensitive Data Exposure).
★★★★ Legacy Typosquatting (Vulnerable Components).
★★★★ Login Bjoern (Broken Authentication).
★★★★ Misplaced Signature File (Sensitive Data Exposure).
★★★★ Nested Easter Egg (Cryptographic Issues).
★★★★ NoSql Manipulation (Injection).
★★★★★ Change Benders Password (Broken Authentication).
★★★★★ Extra Language (Broken Anti Automation).
★★★★★ Reflected XSS Obfuscation (XSS).
★★★★★ Reuse Password (Broken Authentication).

Taught by

Hacksplained
