Overview
Syllabus
Intro
Demo
About me
API
HTTP
Guidelines
HTTP Strict Transport Security
Warming Up
Application Layer
Endpoints
State Changing Operations
Missing Authorization
Session Information
Client-side Session Data
JSON Web Token
Decode Functions
Token Misuse
JSON Web Token Rabbit Hole
Cookies
Authorization Header
Attachment to outgoing requests
Default solutions
Cross-site request forgery
Transparent token
Cross-origin resource sharing
Custom headers
Cookies for API
Input validation
Input validation best practices
Over or under estimating input validation
Build secure stuff
Taught by
OWASP Foundation