Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Modern Web Application Bugs

NDC Conferences via YouTube

Overview

Explore modern web application vulnerabilities in this comprehensive conference talk. Delve into emerging security issues gaining popularity through bug bounty programs. Walk through lesser-known and new vulnerability classes, understanding how they manifest in contemporary web applications. Learn detection techniques and mitigation strategies for these threats. Cover topics including Blind XXE, JSON serialization, deserialization attack gadgets, custom deserialization attacks, template injection, server-side request forgery (SSRF), subdomain takeover, web cache poisoning, and GraphQL gotchas. Gain insights into common mistakes, protection methods, and testing approaches for each vulnerability type. Discover the underlying causes and complexities of these security issues, including tricky headers and IP address blacklisting challenges. Benefit from practical examples, crowd demonstrations, and valuable resources to enhance your web application security knowledge.

Syllabus

about me
Blind XXE
Stopping XXE
JSON serialization
Deserialization Attack Gadgets
Custom deserialization attacks
Underlying cause
Stopping insecure deserialization
Templating frameworks
Testing for template injection
Stopping template injection
Common mistakes
Server side requests
SSRF - Server-Side Request Forgery
SSRF - internal services
IP-adresses - Blacklisting is hard...
Broken URL parsing
Protection
Subdomain takeover/hijacking
Cloud services
Example
Subdomain takeover - Impact
Crowd demo
Tricky headers
Complicating the attack
Stopping web cache poisoning
What is this?
GraphQL gotchas
Resources

Taught by

NDC Conferences

Reviews

Start your review of Modern Web Application Bugs

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.