—Course Overview (1m 40s)

How Many Vulnerabilities Can You Spot? (10m 8s)
—Hacking Is Eating the World (5m 2s)
—Your Vulnerability Compiler Checkup (5m 6s)

Preventing Cross-site Scripting Attacks (30m 3s)
—IANAV, But... (1m 48s)
—Setting up Terracotta, a Highly-vulnerable Web Application (1m 25s)
—Detecting Cross-site Scripting in Automated Regression Tests (3m 3s)
—A Simple Cross-site Scripting Exploit (1m 5s)
—Mitigating Cross-site Scripting with Blacklisting (3m 15s)
—Mitigating Cross-site Scripting with Whitelisting (2m 30s)
—The Importance of Canonicalization (2m 47s)
—Mitigating Cross-site Scripting with HTTP Response Headers (4m 6s)
—Defense In-depth with Cross-site Scripting (1m 27s)
—Mitigating Cross-site Scripting with Spring Security (1m 20s)
—Detecting Persisted Cross-site Scripting in Automated Regression Tests (2m 41s)
—Mitigating Cross-site Scripting with Output Encoding (4m 31s)

Preventing Log Injection and Log Forgery (13m 44s)
—Cross-site Scripting the NOC (2m 39s)
—Detecting Log Injection (2m 30s)
—Mitigating Log Injection Using Timestamps (3m 26s)
—Mitigating Log Injection Using GUIDs (2m 13s)
—Mitigating Log Injection Using Output Encoding (2m 2s)
—Review + Fangs to Line Feeds (0m 52s)

Preventing CSRF, Response Splitting, and Open Redirect (36m 58s)
—How to Smuggle in a Carriage Return (3m 59s)
—Detecting CRLF Injection in Automated Regression Tests (1m 20s)
—Mitigating CRLF Injection Using Output Encoding (2m 31s)
—A Perfectly Forged Check (1m 56s)
—Detecting CSRF in Automated Regression Tests (2m 30s)
—Mitigating CSRF Using a Custom Header (2m 13s)
—Mitigating CSRF by Verifying Source and Target Origins (2m 37s)
—Mitigating CSRF Using Synchronized Tokens (2m 10s)
—Storing CSRF Synchronized Tokens in a Cookie (2m 16s)
—Storing CSRF Synchronized Tokens in the Session (1m 3s)
—Storing CSRF Synchronized Tokens in a JWT (2m 52s)
—Mitigating CSRF Using Spring Security (1m 37s)
—Getting CSRF Defense Right (2m 13s)
—Redirect Dancing with Two Left Feet (1m 27s)
—Detecting Open Redirect in Automated Regression Tests (1m 47s)
—Mitigating Open Redirect with State (1m 31s)
—Mitigating Open Redirect with Whitelisting (1m 46s)
—Review + Deep Waters (1m 0s)

Preventing Directory Traversal and Malicious File Upload (22m 39s)
—Spot-the-forgery (2m 31s)
—Running Terracotta in a Docker Container (2m 16s)
—Detecting Malicious File Upload in Automated Regression Tests (2m 10s)
—Mitigating Malicious File Upload Using File Extensions (1m 39s)
—Mitigating Malicious File Upload Using Apache Tika (1m 49s)
—Mitigating Malicious File Upload Using ClamAV (1m 27s)
—Mitigating Malicious File Upload Using MultipartConfig (3m 25s)
—Detecting Directory Traversal in Automated Regression Tests (1m 39s)
—Mitigating Directory Traversal (4m 9s)
—Review + Mythbusting (1m 30s)

Preventing SQL and NoSQL Injection (19m 37s)
—How SQL Injection Makes a Database an Open Book (3m 37s)
—Detecting SQL Injection in Automated Regression Tests (3m 30s)
—Mitigating SQL Injection Using Bind Variables (1m 17s)
—Mitigating SQL Injection Using an ORM (1m 45s)
—An Infinite Loop in a Haystack (1m 31s)
—Detecting NoSQL Injection in Automated Regression Tests (3m 5s)
—Mitigating NoSQL Injection (4m 7s)
—Review (0m 42s)

Building in Security First (10m 28s)
—The Cost of Insecurity (2m 0s)
—The Security Development Lifecycle (7m 44s)
—Good Night and Good Luck (0m 43s)