Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Modern Web Vulnerabilities 2020

NDC Conferences via YouTube

Overview

Explore modern web vulnerabilities in this comprehensive conference talk from NDC Security. Delve into the evolution of lesser-known web application vulnerabilities that have gained prominence through bug bounty programs since 2018. Examine recurring issues and newly surfaced vulnerabilities, complete with live demonstrations. Gain insights into the causes of these bugs, learn detection techniques, and discover effective mitigation strategies. Cover topics such as insecure deserialization, server-side request forgery, edge side includes, JavaScript prototype pollution, API vulnerabilities, and HTTP request smuggling. Enhance your understanding of web security challenges and equip yourself with the knowledge to identify and eliminate these threats in your applications.

Syllabus

Intro
NDC Security 2018
Insecure Deserialization
SSRF - Server Side Request Forgery
Edge Side Includes
Reverse proxy with caching
Dangers of ESI Injection
Finding and stopping ESI injection
JavaScript prototypes
Example: Logger definition
Exploring prototypes
Prototypes are mutable!
Common JavaScript patterns
Attack vectors
Avoiding prototype pollution attacks
Common API Problems
Classic HTTP Request smuggling
Detection and protection

Taught by

NDC Conferences

Reviews

Start your review of Modern Web Vulnerabilities 2020

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.