This material is available by paid subscription. Get a premium subscription and watch or listen to Web security: Injection Attacks with Java & Spring Boot, as well as all other courses, right now!
  • Lesson 1. 00:06:54
    Why learn Secure coding principles & Web security?
  • Lesson 2. 00:04:24
    Structure of the course
  • Lesson 3. 00:06:57
    Setting up the environment
  • Lesson 4. 00:07:38
    Adding the base pom.xml with basic Maven dependencies
  • Lesson 5. 00:07:27
    Creating common login module with dependencies, Thymeleaf templates & Bootstrap
  • Lesson 6. 00:03:28
    Creating the package structure and adding interfaces
  • Lesson 7. 00:09:14
    Adding authentication provider and user details to customise form authentication
  • Lesson 8. 00:07:35
    Adding web security configuration for Spring Security form login authentication
  • Lesson 9. 00:06:01
    Adding API endpoints
  • Lesson 10. 00:11:16
    Adding Custom Error Controller
  • Lesson 11. 00:02:24
    Introduction to Injections
  • Lesson 12. 00:01:53
    Explaining SQL injection
  • Lesson 13. 00:08:50
    Creating SQL Injection application with dependencies and configuration
  • Lesson 14. 00:07:54
    Adding PostgreSQL init files, packages and validator implementation
  • Lesson 15. 00:03:18
    Implementing Spring Data JPA entities
  • Lesson 16. 00:03:23
    Adding Spring Data JPA repository interfaces
  • Lesson 17. 00:08:40
    Implementing Spring Data JPA repository
  • Lesson 18. 00:06:41
    Adding SQL injection user detail service implementation
  • Lesson 19. 00:03:27
    Implementing user service interface
  • Lesson 20. 00:07:24
    Hacking SQL Injection application using login form with HTTP POST - Part 1
  • Lesson 21. 00:06:36
    Hacking SQL Injection application using login form with HTTP POST - Part 2
  • Lesson 22. 00:08:51
    Hacking SQL Injection application with HTTP GET - Part 1
  • Lesson 23. 00:06:20
    Hacking SQL Injection application with HTTP GET - Part 2
  • Lesson 24. 00:12:20
    Hacking SQL Injection application with HTTP GET - Part 3 - Using Burp Suite
  • Lesson 25. 00:07:48
    Extending HTTP GET vulnerability to read system files - Part 1
  • Lesson 26. 00:08:01
    Extending HTTP GET vulnerability to read system files - Part 2
  • Lesson 27. 00:11:41
    Preventing SQL injection: Validation and Sanitisation
  • Lesson 28. 00:10:20
    Preventing SQL injection: Using Prepared statements
  • Lesson 29. 00:07:43
    Preventing SQL injection: Summary
  • Lesson 30. 00:04:09
    A final attack using a vulnerable SQL function
  • Lesson 31. 00:02:08
    Explaining NoSQL injection
  • Lesson 32. 00:08:41
    Adding NoSQL injection module with dependencies using MongoDB
  • Lesson 33. 00:07:55
    Adding configuration and init data file
  • Lesson 34. 00:04:35
    Adding packages and validator implementation
  • Lesson 35. 00:08:09
    Implementing MongoDB configuration
  • Lesson 36. 00:08:07
    Adding repository interfaces
  • Lesson 37. 00:08:54
    Implementing repository and adding service layer classes
  • Lesson 38. 00:10:10
    Hacking NoSQL injection application: Using login form
  • Lesson 39. 00:06:01
    Hacking NoSQL injection: Using user info endpoint with Regex
  • Lesson 40. 00:07:16
    Preventing NoSQL injection: Validation and sanitisation
  • Lesson 41. 00:08:33
    Preventing NoSQL injection: Using criteria API
  • Lesson 42. 00:04:48
    Preventing NoSQL injection: Using JPA repository
  • Lesson 43. 00:02:04
    Explaining LDAP injection
  • Lesson 44. 00:07:54
    Adding LDAP injection module with LDAP schema file
  • Lesson 45. 00:09:41
    Adding dependencies, configuration and startup file to initialise LDAP schema
  • Lesson 46. 00:06:29
    Creating packages and adding Spring Boot starter class to initialise LDAP data
  • Lesson 47. 00:05:16
    Creating entity and validation implementations, and repository interfaces
  • Lesson 48. 00:11:56
    Adding LDAP helper class for LDAP operations
  • Lesson 49. 00:05:16
    Completing the user repository implementation
  • Lesson 50. 00:06:44
    Completing the user role repository and service implementation
  • Lesson 51. 00:06:21
    Hacking LDAP injection - Part 1
  • Lesson 52. 00:05:52
    Hacking LDAP injection - Part 2
  • Lesson 53. 00:04:19
    Preventing LDAP injection: Validation and sanitisation
  • Lesson 54. 00:11:36
    Preventing LDAP injection: Using secure libraries
  • Lesson 55. 00:03:46
    Explaining LOG injection
  • Lesson 56. 00:05:51
    Adding a new endpoint to use in LOG injection attacks
  • Lesson 57. 00:07:30
    Adding log data endpoint and Thymeleaf template to view logs by admin user
  • Lesson 58. 00:06:02
    Adding Logback configuration
  • Lesson 59. 00:04:06
    Creating the attacker application
  • Lesson 60. 00:05:05
    Hacking LOG injection with Line Feed
  • Lesson 61. 00:08:44
    Hacking LOG injection with Carriage Return
  • Lesson 62. 00:06:50
    Hacking LOG injection: XSS attack - Part 1
  • Lesson 63. 00:05:34
    Hacking LOG injection: XSS attack - Part 2
  • Lesson 64. 00:08:03
    Preventing LOG injection: Validation and using trusted library protections
  • Lesson 65. 00:06:27
    Preventing LOG injection: XSS attacks
  • Lesson 66. 00:02:00
    Explaining CSV injection
  • Lesson 67. 00:04:45
    Adding new interfaces
  • Lesson 68. 00:08:18
    Adding user detail API methods for CSV injection
  • Lesson 69. 00:05:54
    Adding export user details API method for CSV injection
  • Lesson 70. 00:04:20
    Adding data access implementation classes
  • Lesson 71. 00:09:42
    Implementing user detail service
  • Lesson 72. 00:11:49
    Implementing Excel generator service
  • Lesson 73. 00:01:31
    A new endpoint on attacker web site
  • Lesson 74. 00:10:11
    Hacking CSV injection using Excel formula
  • Lesson 75. 00:09:35
    Preventing CSV injection - Part 1
  • Lesson 76. 00:11:11
    Preventing CSV injection - Part 2