Overview
Explore basic web application security vulnerabilities and their prevention in this code::dive 2018 conference talk. Dive into SQL Injection, Cross-Site Scripting (XSS), and Cross-Site Request Forgery (CSRF) through live demonstrations and real-world examples. Learn how to detect, exploit, and fix these common security issues using a Java-based web application built with Spring Boot. Witness practical hacking techniques, including authentication bypass, database content retrieval, session hijacking, and unauthorized actions. Gain insights into effective protection methods such as parameter binding, encoding, and double submit cookies. Suitable for developers with basic programming knowledge in any language, this hands-on lecture provides essential skills for building more secure web applications.
Syllabus
Intro
SQL Injection: Did you know?
SQL Injection: Bypassing authentication
SQL Injection: Retrieving sensitive data
SQL Injection Protection
Parameters Binding: How does it work?
SQL Injection: Summary
Cross-Site Scripting (XSS)
Reflected XSS
XSS Payloads
XSS Protection: Encoding
XSS Example: Safari Books
XSS: Summary
Cross-Site Request Forgery (CSRF)
CSRF Example
CSRF Prevention: Double submit cookie
CSRF: Summary
Taught by
code::dive conference