  • Lesson 1. 00:02:33
    Overview
  • Lesson 2. 00:03:38
    The State of Web Application Security
  • Lesson 3. 00:05:43
    Understanding Web Application Security
  • Lesson 4. 00:08:48
    Query Strings, Routing, and HTTP Verbs
  • Lesson 5. 00:03:53
    The Discoverability of Client Security Constructs
  • Lesson 6. 00:08:31
    Protections Offered by Browsers
  • Lesson 7. 00:02:27
    What the Browser Can't Defend Against
  • Lesson 8. 00:01:27
    What's Not Covered in This Course
  • Lesson 9. 00:02:09
    Summary
  • Lesson 10. 00:02:17
    Overview
  • Lesson 11. 00:06:02
    Spidering with NetSparker
  • Lesson 12. 00:09:25
    Forced Browsing with Burp Suite
  • Lesson 13. 00:04:28
    Directory Traversal
  • Lesson 14. 00:02:36
    Banner Grabbing with Wget
  • Lesson 15. 00:03:49
    Server Fingerprinting with Nmap
  • Lesson 16. 00:03:40
    Discovery of Development Artefacts with Acunetix
  • Lesson 17. 00:04:21
    Discovery of Services via Generated Documentation
  • Lesson 18. 00:02:56
    Discovering Framework Risks
  • Lesson 19. 00:01:49
    Identifying Vulnerable Targets with Shodan
  • Lesson 20. 00:01:50
    Summary
  • Lesson 21. 00:02:01
    Overview
  • Lesson 22. 00:02:19
    OWASP and the Top 10 Web Application Security Risks
  • Lesson 23. 00:05:47
    Understanding Untrusted Data
  • Lesson 24. 00:06:12
    Parameter Tampering
  • Lesson 25. 00:03:40
    Hidden Field Tampering
  • Lesson 26. 00:04:30
    Mass Assignment Attacks
  • Lesson 27. 00:02:51
    Cookie Poisoning
  • Lesson 28. 00:04:30
    Insecure Direct Object References
  • Lesson 29. 00:04:36
    Defending Against Tampering
  • Lesson 30. 00:01:35
    Summary
  • Lesson 31. 00:02:07
    Overview
  • Lesson 32. 00:09:34
    Reflected Cross Site Scripting (XSS)
  • Lesson 33. 00:05:31
    Persistent Cross Site Scripting (XSS)
  • Lesson 34. 00:03:40
    Defending Against XSS Attacks
  • Lesson 35. 00:03:26
    Identifying XSS Risks and Evading Filters
  • Lesson 36. 00:07:27
    Client Only Validation
  • Lesson 37. 00:08:16
    Insufficient Transport Layer Security
  • Lesson 38. 00:07:37
    Cross Site Request Forgery (CSRF)
  • Lesson 39. 00:02:41
    Summary
  • Lesson 40. 00:02:56
    Overview
  • Lesson 41. 00:02:49
    Understanding Weaknesses in Identity Management
  • Lesson 42. 00:08:04
    Identity Enumeration
  • Lesson 43. 00:04:52
    Weaknesses in the 'Remember Me' Feature
  • Lesson 44. 00:02:28
    Resources Missing Access Controls
  • Lesson 45. 00:04:07
    Insufficient Access Controls
  • Lesson 46. 00:03:16
    Privilege Elevation
  • Lesson 47. 00:02:11
    Summary
  • Lesson 48. 00:02:26
    Overview
  • Lesson 49. 00:03:47
    Understanding DoS
  • Lesson 50. 00:02:50
    Exploiting Password Resets
  • Lesson 51. 00:05:11
    Exploiting Account Lockouts
  • Lesson 52. 00:04:40
    Distributed Denial of Service (DDoS)
  • Lesson 53. 00:05:00
    Automating DDoS Attacks with LOIC
  • Lesson 54. 00:03:21
    DDoS as a Service
  • Lesson 55. 00:03:34
    Features at Risk of a DDoS Attack
  • Lesson 56. 00:09:40
    Other DDoS Attacks and Mitigations
  • Lesson 57. 00:02:41
    Summary
  • Lesson 58. 00:02:34
    Overview
  • Lesson 59. 00:06:36
    Improper Error Handling
  • Lesson 60. 00:05:49
    Understanding Salted Hashes
  • Lesson 61. 00:07:43
    Insecure Cryptographic Storage
  • Lesson 62. 00:06:39
    Unvalidated Redirects and Forwards
  • Lesson 63. 00:04:44
    Exposed Exceptions Logs with ELMAH
  • Lesson 64. 00:08:07
    Vulnerabilities in Web Services
  • Lesson 65. 00:03:19
    Summary
Removed at the request of the copyright holder