| 1. SQL Injection | |||
| 01. Introduction.wmv | 238.89 KB | ||
| 02. What is SQL Injection.wmv | 6.65 MB | ||
| 03. Demo - Form based SQL Injection 1.wmv | 33.72 MB | ||
| 04. Demo - Form based SQL Injection 2.wmv | 6.45 MB | ||
| 05. How do you prevent SQL Injection.wmv | 5.3 MB | ||
| 06. Demo - SQL Permissions Auditor Tool.wmv | 5.11 MB | ||
| 07. Additional Protections.wmv | 9.78 MB | ||
| 08. Problematic Fixes - Blacklisting Routines.wmv | 8.47 MB | ||
| 09. Problematic Fixes - SQL Routines and SQL Truncation.wmv | 7.71 MB | ||
| 10. Basic Dynamic Query Ideas.wmv | 13.21 MB | ||
| 11. Using an ORM.wmv | 7.51 MB | ||
| 12. Additional Information References.wmv | 886.78 KB | ||
| 2. Information Leakage | |||
| 01. Introduction.wmv | 273.93 KB | ||
| 02. What is information leakage.wmv | 1.64 MB | ||
| 03. How is it information gathered.wmv | 4.05 MB | ||
| 04. Demo - Web App Basic Information Leakage.wmv | 5.29 MB | ||
| 05. Demo - Information Leakage from error page.wmv | 1.21 MB | ||
| 06. Demo - Information Leakage by Ajax.wmv | 2.98 MB | ||
| 07. How do you prevent Information Leakage.wmv | 27.32 MB | ||
| 08. Additional Reading.wmv | 770.08 KB | ||
| 3. Cross-Site Scripting (XSS) | |||
| 01. Introduction.wmv | 250.54 KB | ||
| 02. What is XSS.wmv | 5.1 MB | ||
| 03. How is XSS exploited.wmv | 1.15 MB | ||
| 04. Demo - Reflected XSS Attack.wmv | 5.36 MB | ||
| 05. Demo - Persistent XSS Attack.wmv | 10.77 MB | ||
| 06. Demo - Older Style IE6 Content Type Sniffing Attack.wmv | 4.97 MB | ||
| 07. Demo - DOM Based XSS.wmv | 13.85 MB | ||
| 08. Demo - Data URI - Link Hijack.wmv | 8.01 MB | ||
| 09. Demo - Dangling Markup-Scriptless Attacks.wmv | 13.79 MB | ||
| 10. How do you prevent XSS.wmv | 4.6 MB | ||
| 11. How do you prevent XSS (page 2).wmv | 1.8 MB | ||
| 12. Demo (Prevention)- AntiXss GetSafeHtmlFragment().wmv | 4.11 MB | ||
| 13. Demo (Prevention)- Specifying UTF-8 Encoding.wmv | 2.55 MB | ||
| 14. Demo (Prevention)- Content Security Policy.wmv | 12.66 MB | ||
| 15. Problems with blacklists-character filtering.wmv | 6.25 MB | ||
| 16. How do you prevent XSS (last but not least).wmv | 6.17 MB | ||
| 17. Don't turn off Request Validation.wmv | 14.33 MB | ||
| 18. Know your encoding options.wmv | 8.11 MB | ||
| 19. Demo (Fix) - Fixing Web Forms Repeater.wmv | 8.81 MB | ||
| 20. Demo (Fix) - Fixing Scriptless-Dangling HTML.wmv | 2.78 MB | ||
| 21. Demo (Fix) - Fixing DOM based attacks.wmv | 10.72 MB | ||
| 22. Tools.wmv | 3.64 MB | ||
| 23. Summary.wmv | 3.55 MB | ||
| 24. Additional Information References.wmv | 816.7 KB | ||
| 4. Parameter Tampering | |||
| 01. Introduction.wmv | 250.57 KB | ||
| 02. What is parameter tampering.wmv | 956.89 KB | ||
| 03. How is it exploited.wmv | 1.97 MB | ||
| 04. MVC Parameter Tampering.wmv | 11.1 MB | ||
| 05. Web Forms Parameter Tampering.wmv | 9.6 MB | ||
| 06. EventValidation issues with client side script.wmv | 3.7 MB | ||
| 07. Preventing tampering in MVC.wmv | 6.24 MB | ||
| 08. Preventions - Regular Expressions.wmv | 2.72 MB | ||
| 09. Preventions - Data Annotations.wmv | 2.85 MB | ||
| 10. Validate your data.wmv | 7.31 MB | ||
| 11. A few minor words of caution.wmv | 6.11 MB | ||
| 12. Summary.wmv | 4.96 MB | ||
| 13. Additional Information References.wmv | 1.28 MB | ||
| 5. Encryption and Hashing | |||
| 01. Introduction.wmv | 285.61 KB | ||
| 02. Why should I encrypt.wmv | 7.99 MB | ||
| 03. How to encrypt - database side.wmv | 1.68 MB | ||
| 04. SQL - Encrypt by passphrase.wmv | 6.14 MB | ||
| 05. SQL - Encrypt by certificate.wmv | 4.53 MB | ||
| 06. How to encrypt - application code.wmv | 6.87 MB | ||
| 07. How to encrypt - configuration settings.wmv | 6.52 MB | ||
| 08. Forcing SSL - MVC.wmv | 5.91 MB | ||
| 09. Forcing SSL - Web Forms.wmv | 1.84 MB | ||
| 10. Forcing SSL - Additional Information.wmv | 2.72 MB | ||
| 11. Installing SSL on your development box.wmv | 10.2 MB | ||
| 12. About Hashing.wmv | 2.18 MB | ||
| 13. How are hashes attacked.wmv | 4.13 MB | ||
| 14. What's a salt.wmv | 2.05 MB | ||
| 15. Demo - Basic hash with salt.wmv | 4.27 MB | ||
| 16. Demo - Hash brute force attack (even with a salt).wmv | 6.65 MB | ||
| 17. Tool Demo - Hashcat.wmv | 2.33 MB | ||
| 18. Choosing the right approaches.wmv | 8.72 MB | ||
| 19. Membership provider support.wmv | 2.66 MB | ||
| 20. But I need my lost password functionality.wmv | 1.81 MB | ||
| 21. Additional Information.wmv | 991.87 KB | ||
| 6. Cross-Site Request Forgery (CSRF) | |||
| 01. Introduction.wmv | 250.54 KB | ||
| 02. What is CSRF.wmv | 1.55 MB | ||
| 03. How is CSRF exploited.wmv | 4.46 MB | ||
| 04. Demo - Exploit using email image src.wmv | 12.26 MB | ||
| 05. Demo - Repeatability is the key.wmv | 2.38 MB | ||
| 06. Demo - CSRF from XSS.wmv | 4.27 MB | ||
| 07. POSTs protect me, don't they.wmv | 9.66 MB | ||
| 08. Demo - Web Forms One Click Attack - Forge user interaction.wmv | 17.92 MB | ||
| 09. How do you prevent CSRF.wmv | 3.98 MB | ||
| 10. Web Forms CSRF Prevention.wmv | 12.72 MB | ||
| 11. MVC CSRF Prevention.wmv | 11.92 MB | ||
| 12. Summary.wmv | 3.29 MB | ||
| 7. Denial of Service | |||
| 01. Introduction.wmv | 215.52 KB | ||
| 02. How is DoS exploited.wmv | 7.44 MB | ||
| 03. Demo - Affecting the victim's browser.wmv | 4.5 MB | ||
| 04. Demo - Browser based distributed denial of service.wmv | 11.64 MB | ||
| 05. Demo - Slow page = easy target.wmv | 7.73 MB | ||
| 06. Preventing DoS.wmv | 3.12 MB | ||
| 07. Additional Information References.wmv | 991.86 KB | ||
| 8. Session Management and Hijacking | |||
| 01. Introduction.wmv | 262.28 KB | ||
| 02. ASP.NET Session Id Management Background.wmv | 10.4 MB | ||
| 03. Session Management Demo.wmv | 15.33 MB | ||
| 04. How can sessions be attacked.wmv | 1.6 MB | ||
| 05. Demo - stealing a session.wmv | 12.78 MB | ||
| 06. Preventing Session Attacks.wmv | 1.46 MB | ||
| 07. Syncing Forms authentication timeouts and session timeouts.wmv | 8.58 MB | ||
| 08. Preventing - Removing the session cookie on login-logout.wmv | 6.21 MB | ||
| 09. Preventing - Avoid cookieless sessions.wmv | 1.89 MB | ||
| 10. Custom session id managers.wmv | 26.64 MB | ||
| 11. Additional Information.wmv | 2 MB |
Developers are notoriously lax about security. Part of the problem is not understanding how our applications are attacked. To protect your applications you need to BE a hacker. You need to understand how your applications are hacked and, therefore, how to protect them. This course goes over the most common hacking techniques, using an array of current attacks to show how a web application is exploited. It covers exploits and protections for both Web Forms and MVC. Topics covered include SQL injection, parameter tampering, information leakage, cross-site scripting (XSS), cross-site request forgery, encryption, hashing, and denial of service, all with applicable demos.