English | Size: 2.07 GB
Genre: eLearning
Develop ”Out-of-box” thinking related to web secure codin and see security from offensive perspective
What you’ll learn
Best practices when it comes to secure coding for web developers
OWASP Top 10 Web vulnerabilities
“Out-of-box thinking” when it comes to exploiting certain vulnerabilities
Learn certain tools and frameworks for offensive perspective
You will learn to protect your web application by attacking it, by performing penetration testing on it. This course is rather theoretical with only some labs and demos.
Objectives
- Develop ”Out-of-box” thinking
- See security from an offensive perspective
- Learn best security practices and (most and less) common attacks
- Learn to defend your applications and infrastructure
Topics
- Overview of Web Penetration Testing
- OWASP Top Ten Web Vulnerabilities
- API Top Ten vulnerabilities
- HTTP Security Headers
- JSON Web Tokens
- Technical measures and best practices
- Cryptography
Overview of Web Penetration Testing
- Core problems
- Web Technologies basics
- Security Audit vs Vulnerability Assessment vs Pentest
- Information Gathering
- Scanning and Enumeration
- Mapping the target surface
- Attacking Users. Cross Site Scripting
- Attacking the Server
- Attacking Authentication
- Attacking Data Stores
Top 10 API Security Vulnerabilities
- API Vulnerabilities
- Examples of vulnerabilities found in publicly accessible applications
OWASP Top Ten Web Vulnerabilities
- A1: Injection
- A2 – Broken Authentication and Session Management
- A3 – Cross-Site Scripting (XSS)
- A4 – Insecure Direct Object References
- A5 – Security Misconfiguration
- A6 – Sensitive data Exposure
- A7 – Missing Function Level Access Control
- A8 – Cross-Site Request Forgery (CSRF)
- A9 – Using Components with Known Vulnerabilities
- A10 – Unvalidated Redirects and Forwards
- New Addition in OWASP TOP 10 – 2017
- A4 – XML External entities (XXE)
- A5 – Broken Access Control
- A8 – Insecure Deserialization
- A10 – Insufficient Logging & Monitoring
- New additions in 2021
- Common Vulnerabilities: XSS, SQL Injection, CSRF, XXE, LFI
HTTP Security Headers
- Understand HTTP Security Tokens and their role
- HSTS – Strict-Transport-Security
- CSP – Content-Security-Policy
- CORS
- X-Frame-Options
- X-XSS-Protection
- X-Content-Type-Options
- Referrer-Policy
- Cookie flags: HTTPOnly, Secure
JSON Web Tokens
- Understanding JSON WEB TOKENS
- Token Structure
- When can you use JWT
- Issues
- What is JWT good for?
- Best Practices for JSON Web Tokens
Technical measures and best practices
- Input Validation
- Encoding
- Bind Parameters for Database Queries
- Protect Data in Transit
- Hash and Salt Your Users’ Passwords
- Encrypt Data at Rest
- Logging – Best practices
- Authenticate Users Safely
- Protect User Sessions
- Authorize Actions
Cryptography
- Cryptographic concepts
- Algorithms
- Cryptography and cryptanalysis tools
- Cryptography attacks
Who this course is for:
- Developers, Dev(Sec)Ops and software architects mostly
- Also useful for system administrators, technical managers and CISO
- Ethical Hackers, Penetration Testers, Bug Bounty Fans
rapidgator.net/file/90f16c34ed6d37b3cc1d245da94398d1/UD-SecurityForDevelopers-AnOffensiveApproach.part1.rar.html
rapidgator.net/file/bc25a47c447bf94b188fd891d1b58ca2/UD-SecurityForDevelopers-AnOffensiveApproach.part2.rar.html
rapidgator.net/file/06b0751011f50a1a5183da96f0f28a1b/UD-SecurityForDevelopers-AnOffensiveApproach.part3.rar.html
rapidgator.net/file/f12983de4bf224b13f38a5a703005c66/UD-SecurityForDevelopers-AnOffensiveApproach.part4.rar.html
rapidgator.net/file/abdda4377b5bb973b5a75577b6871d7f/UD-SecurityForDevelopers-AnOffensiveApproach.part5.rar.html
rapidgator.net/file/bbe93f40355a78442eaa979a05c3d7fd/UD-SecurityForDevelopers-AnOffensiveApproach.part6.rar.html
nitroflare.com/view/9094CFA2DE23539/UD-SecurityForDevelopers-AnOffensiveApproach.part1.rar
nitroflare.com/view/2048BEB3F822E13/UD-SecurityForDevelopers-AnOffensiveApproach.part2.rar
nitroflare.com/view/2E53513569CF07D/UD-SecurityForDevelopers-AnOffensiveApproach.part3.rar
nitroflare.com/view/3E60194726D0EEC/UD-SecurityForDevelopers-AnOffensiveApproach.part4.rar
nitroflare.com/view/4DE65916ED06D15/UD-SecurityForDevelopers-AnOffensiveApproach.part5.rar
nitroflare.com/view/0DC553C727DCF16/UD-SecurityForDevelopers-AnOffensiveApproach.part6.rar
If any links die or problem unrar, send request to
forms.gle/e557HbjJ5vatekDV9