Class Central Classrooms beta
YouTube videos curated by Class Central.
Classroom Contents
Modern Web Application Bugs
- 1 about me
- 2 Blind XXE
- 3 Stopping XXE
- 4 JSON serialization
- 5 Deserialization Attack Gadgets
- 6 Custom deserialization attacks
- 7 Underlying cause
- 8 Stopping insecure deserialization
- 9 Templating frameworks
- 10 Testing for template injection
- 11 Stopping template injection
- 12 Common mistakes
- 13 Server side requests
- 14 SSRF - Server-Side Request Forgery
- 15 SSRF - internal services
- 16 IP-addresses - Blacklisting is hard...
- 17 Broken URL parsing
- 18 Protection
- 19 Subdomain takeover/hijacking
- 20 Cloud services
- 21 Example
- 22 Subdomain takeover - Impact
- 23 Crowd demo
- 24 Tricky headers
- 25 Complicating the attack
- 26 Stopping web cache poisoning
- 27 What is this?
- 28 GraphQL gotchas
- 29 Resources