Completed
Common mistakes
Class Central Classrooms beta
YouTube videos curated by Class Central.
Classroom Contents
Modern Web Application Bugs
Automatically move to the next video in the Classroom when playback concludes
- 1 about me
- 2 Blind XXE
- 3 Stopping XXE
- 4 JSON serialization
- 5 Deserialization Attack Gadgets
- 6 Custom deserialization attacks
- 7 Underlying cause
- 8 Stopping insecure deserialization
- 9 Templating frameworks
- 10 Testing for template injection
- 11 Stopping template injection
- 12 Common mistakes
- 13 Server side requests
- 14 SSRF - Server-Side Request Forgery
- 15 SSRF - internal services
- 16 IP-adresses - Blacklisting is hard...
- 17 Broken URL parsing
- 18 Protection
- 19 Subdomain takeover/hijacking
- 20 Cloud services
- 21 Example
- 22 Subdomain takeover - Impact
- 23 Crowd demo
- 24 Tricky headers
- 25 Complicating the attack
- 26 Stopping web cache poisoning
- 27 What is this?
- 28 GraphQL gotchas
- 29 Resources