Explore five dangerous web application vulnerabilities beyond the OWASP Top 10 in this 45-minute conference talk from Hack in Paris 2017. Delve into the intricacies of Output Encoding, Regular Expressions, Server Side Request Forgery, and more, as Aaron Hnatiw provides both exploitation techniques and mitigation strategies for each vulnerability. Learn how these lesser-known security risks can impact web applications and gain valuable insights for developers and pentesters alike. Discover practical testing methods, defense mechanisms, and the importance of protocol whitelisting to enhance your web application security knowledge beyond standard categorizations.
Overview
Syllabus
Intro
What is Top 10
Coverage
CWE
Vulnerability Testing
Output Encoding
Regular Expressions
Server Side Request forgery
Bypass firewalls
Google Digg vulnerability
How to test for serverside request forgery
How to defend against serverside request forgery
Whitelisting protocols
Review
Taught by
Hack in Paris
Related Courses
-
OWASP Top 10: Server Side Request Forgery
-
OWASP Top 10 - A10:2021 - Server-Side Request Forgery (SSRF)
-
OWASP API Security Top 10 Course – Secure Your Web Apps
5.0 -
Beyond the OWASP Top 10 - Modern Web Application Bugs
-
The 3 Way Bypass Surgery - Abusing Content Delivery Networks with Server Side Request Forgery - SSRF
-
Modern Web Application Defense with OWASP Tools
