Web App Hacking: Caching Problems

Pluralsight

Course Summary

Caching problems can lead to very severe consequences. This course will teach you different types of problems, common mistakes, and countermeasures related to cache processing in modern web applications.

+
Course Description

Caching problems are underestimated by developers and security engineers. In this course, Web App Hacking: Caching Problems, you'll learn why this subject is important and how severe consequences can happen as a result of caching problems. First, you'll see that sensitive data from your web application can be exposed to everyone on the Internet as a result of Google Caching. Next, you'll discover how your password can be cached in plaintext as a result of cacheable HTTPS responses. After that, you'll see how credit card data can be insecurely processed in terms of cache. Then, you'll learn why sensitive data should never be sent in the URL. Finally, you'll explore how the caching problems, that are discussed in this course, are related to industry best practices. By the end of the course, you'll know how to test web applications for different types of caching problems.

Course Description

Caching problems are underestimated by developers and security engineers. In this course, Web App Hacking: Caching Problems, you'll learn why this subject is important and how severe consequences can happen as a result of caching problems. First, you'll see that sensitive data from your web application can be exposed to everyone on the Internet as a result of Google Caching. Next, you'll discover how your password can be cached in plaintext as a result of cacheable HTTPS responses. After that, you'll see how credit card data can be insecurely processed in terms of cache. Then, you'll learn why sensitive data should never be sent in the URL. Finally, you'll explore how the caching problems, that are discussed in this course, are related to industry best practices. By the end of the course, you'll know how to test web applications for different types of caching problems.

+
Course Syllabus

Course Overview
- 1m 48s

â€”Course Overview 1m 48s

Introduction
- 4m 57s

â€”Introduction 4m 57s

Google Caching
- 7m 54s

â€”Overview 0m 38s
â€”Google Indexing and Caching 1m 4s
â€”How to Find Sensitive Data in Google 2m 3s
â€”Demo 2m 12s
â€”Fixing the Problem 0m 58s
â€”Summary 0m 56s

Cacheable HTTPS Responses
- 9m 0s

â€”Overview 0m 43s
â€”HTTPS Is Not Enough! 1m 50s
â€”Demo 4m 55s
â€”Fixing the Problem 0m 39s
â€”Summary 0m 51s

Caching of Credit Card Data
- 6m 20s

â€”Overview 0m 48s
â€”Caching of Data Entered by the User 1m 43s
â€”Demo 1m 54s
â€”Fixing the Problem 1m 4s
â€”Summary 0m 48s

Sensitive Data in the URL
- 4m 55s

â€”Overview 0m 35s
â€”URL and Sensitive Data 1m 5s
â€”Demo 1m 47s
â€”Fixing the Problem 0m 44s
â€”Summary 0m 43s

Industry Best Practices
- 5m 48s

â€”Overview 0m 45s
â€”OWASP ASVS 1m 32s
â€”V9: Data Protection Verification Requirements 2m 46s
â€”Summary 0m 42s

Summary
- 4m 56s

â€”Summary 4m 56s