1. Lesson 1. 00:02:33
    Overview
  2. Lesson 2. 00:03:38
    The State of Web Application Security
  3. Lesson 3. 00:05:43
    Understanding Web Application Security
  4. Lesson 4. 00:08:48
    Query Strings, Routing, and HTTP Verbs
  5. Lesson 5. 00:03:53
    The Discoverability of Client Security Constructs
  6. Lesson 6. 00:08:31
    Protections Offered by Browsers
  7. Lesson 7. 00:02:27
    What the Browser Can't Defend Against
  8. Lesson 8. 00:01:27
    What's Not Covered in This Course
  9. Lesson 9. 00:02:09
    Summary
  10. Lesson 10. 00:02:17
    Overview
  11. Lesson 11. 00:06:02
    Spidering with NetSparker
  12. Lesson 12. 00:09:25
    Forced Browsing with Burp Suite
  13. Lesson 13. 00:04:28
    Directory Traversal
  14. Lesson 14. 00:02:36
    Banner Grabbing with Wget
  15. Lesson 15. 00:03:49
    Server Fingerprinting with Nmap
  16. Lesson 16. 00:03:40
    Discovery of Development Artefacts with Acunetix
  17. Lesson 17. 00:04:21
    Discovery of Services via Generated Documentation
  18. Lesson 18. 00:02:56
    Discovering Framework Risks
  19. Lesson 19. 00:01:49
    Identifying Vulnerable Targets with Shodan
  20. Lesson 20. 00:01:50
    Summary
  21. Lesson 21. 00:02:01
    Overview
  22. Lesson 22. 00:02:19
    OWASP and the Top 10 Web Application Security Risks
  23. Lesson 23. 00:05:47
    Understanding Untrusted Data
  24. Lesson 24. 00:06:12
    Parameter Tampering
  25. Lesson 25. 00:03:40
    Hidden Field Tampering
  26. Lesson 26. 00:04:30
    Mass Assignment Attacks
  27. Lesson 27. 00:02:51
    Cookie Poisoning
  28. Lesson 28. 00:04:30
    Insecure Direct Object References
  29. Lesson 29. 00:04:36
    Defending Against Tampering
  30. Lesson 30. 00:01:35
    Summary
  31. Lesson 31. 00:02:07
    Overview
  32. Lesson 32. 00:09:34
    Reflected Cross Site Scripting (XSS)
  33. Lesson 33. 00:05:31
    Persistent Cross Site Scripting (XSS)
  34. Lesson 34. 00:03:40
    Defending Against XSS Attacks
  35. Lesson 35. 00:03:26
    Identifying XSS Risks and Evading Filters
  36. Lesson 36. 00:07:27
    Client Only Validation
  37. Lesson 37. 00:08:16
    Insufficient Transport Layer Security
  38. Lesson 38. 00:07:37
    Cross Site Request Forgery (CSRF)
  39. Lesson 39. 00:02:41
    Summary
  40. Lesson 40. 00:02:56
    Overview
  41. Lesson 41. 00:02:49
    Understanding Weaknesses in Identity Management
  42. Lesson 42. 00:08:04
    Identity Enumeration
  43. Lesson 43. 00:04:52
    Weaknesses in the 'Remember Me' Feature
  44. Lesson 44. 00:02:28
    Resources Missing Access Controls
  45. Lesson 45. 00:04:07
    Insufficient Access Controls
  46. Lesson 46. 00:03:16
    Privilege Elevation
  47. Lesson 47. 00:02:11
    Summary
  48. Lesson 48. 00:02:26
    Overview
  49. Lesson 49. 00:03:47
    Understanding DoS
  50. Lesson 50. 00:02:50
    Exploiting Password Resets
  51. Lesson 51. 00:05:11
    Exploiting Account Lockouts
  52. Lesson 52. 00:04:40
    Distributed Denial of Service (DDoS)
  53. Lesson 53. 00:05:00
    Automating DDoS Attacks with LOIC
  54. Lesson 54. 00:03:21
    DDoS as a Service
  55. Lesson 55. 00:03:34
    Features at Risk of a DDoS Attack
  56. Lesson 56. 00:09:40
    Other DDoS Attacks and Mitigations
  57. Lesson 57. 00:02:41
    Summary
  58. Lesson 58. 00:02:34
    Overview
  59. Lesson 59. 00:06:36
    Improper Error Handling
  60. Lesson 60. 00:05:49
    Understanding Salted Hashes
  61. Lesson 61. 00:07:43
    Insecure Cryptographic Storage
  62. Lesson 62. 00:06:39
    Unvalidated Redirects and Forwards
  63. Lesson 63. 00:04:44
    Exposed Exceptions Logs with ELMAH
  64. Lesson 64. 00:08:07
    Vulnerabilities in Web Services
  65. Lesson 65. 00:03:19
    Summary