Module 0 |
|
(W00) Course Instructions |
|
00:00:00 |
|
(W68M0_01) Overview of OWASP Top 10 |
|
00:00:00 |
|
(W68M0_02) Setting up the lab |
|
00:00:00 |
Module 1 |
|
(W68M1_01) Parameter tampering and forced browsing |
|
00:00:00 |
|
(W68M1_02) Insecure direct object reference attack |
|
00:00:00 |
|
(W68M1_03) Cross site request forgery attack |
|
00:00:00 |
|
(W68M1_04) Open redirect and path traversal attack |
|
00:00:00 |
|
(W68M1_05) Tampering JWT attack |
|
00:00:00 |
|
(W68M1_06) Testing CORS misconfiguration |
|
00:00:00 |
|
(W68M1_07) Countermeasures |
|
00:00:00 |
|
(W68A01) Module 1 Assignment |
UNLIMITED |
Module 2 |
|
(W68M2_01) Testing weak ciphers, algo, TLS, SSL |
|
00:00:00 |
|
(W68M2_02) Testing unencrypted channel |
|
00:00:00 |
|
(W68M2_03) Testing HSTS header |
|
00:00:00 |
|
(W68M2_04) Countermeasures |
|
00:00:00 |
|
(W68A02) Module 2 Assignment |
UNLIMITED |
Module 3 |
|
(W68M3_01) SQL Injection |
|
00:00:00 |
|
(W68M3_02) OS command injection |
|
00:00:00 |
|
(W68M3_03) Xpath, LDAP, ORM injections |
|
00:00:00 |
|
(W68M3_04) Cross site scripting |
|
00:00:00 |
|
(W68M3_05) XXE injection |
|
00:00:00 |
|
(W68M3_06) Source code review |
|
00:00:00 |
|
(W68M3_07) Countermeasures |
|
00:00:00 |
|
(W68A03) Module 3 Assignment |
UNLIMITED |
Module 4 |
|
(W68M4_01) Threat Modeling |
|
00:00:00 |
|
(W68M4_02) Security architecture and modelling |
|
00:00:00 |
|
(W68M4_03) Threat Assessments |
|
00:00:00 |
|
(W68M4_04) Threat intelligence and countermeasures |
|
00:00:00 |
|
(W68A04) Module 4 Assignment |
UNLIMITED |
Module 5 |
|
(W68M5_01) Improper error handling |
|
00:00:00 |
|
(W68M5_02) Testing unnecessary features, permission, and accounts |
|
00:00:00 |
|
(W68M5_03) Testing directory listing |
|
00:00:00 |
|
(W68M5_04) Testing HTTP Methods |
|
00:00:00 |
|
(W68M5_05) Countermeasures |
|
00:00:00 |
|
(W68A05) Module 5 Assignment |
UNLIMITED |
Module 6 |
|
(W68M6_01) Automated Testing |
|
00:00:00 |
|
(W68M6_02) Testing outdated and vulnerable components/apps |
|
00:00:00 |
|
(W68M6_03) Manual component analysis and countermeasures |
|
00:00:00 |
|
(W68A06) Module 6 Assignment |
UNLIMITED |
Module 7 |
|
(W68M7_01) Default-bruteforcing and credential stuffing |
|
00:00:00 |
|
(W68M7_02) Credential recovery - forget password testing |
|
00:00:00 |
|
(W68M7_03) MFA/2FA Bypass |
|
00:00:00 |
|
(W68M7_04) Session fixation and authentication testing |
|
00:00:00 |
|
(W68M7_05) Countermeasures |
|
00:00:00 |
|
(W68A07) Module 7 Assignment |
UNLIMITED |
Module 8 |
|
(W68M8_01) Untrusted search paths and integrity checks |
|
00:00:00 |
|
(W68M8_02) Insecure deserialization |
|
00:00:00 |
|
(W68M8_03) SolarWinds case study |
|
00:00:00 |
|
(W68M8_04) Countermeasures |
|
00:00:00 |
|
(W68A08) Module 8 Assignment |
UNLIMITED |
Module 9 |
|
(W68M9_01) Security logging and monitoring overview |
|
00:00:00 |
|
(W68M9_02) Insufficient Logging |
|
00:00:00 |
|
(W68M9_03) Improper neutralization for Logs and Log4J, Log4shell |
|
00:00:00 |
|
(W68M9_04) Insertion of sensitive information in logs |
|
00:00:00 |
|
(W68M9_05) OPM hack - Case study |
|
00:00:00 |
|
(W68M9_06) Countermeasures |
|
00:00:00 |
|
(W68A09) Module 9 Assignment |
UNLIMITED |
Module 10 |
|
(W68M10_01) SSRF Basics attack |
|
00:00:00 |
|
(W68M10_02) SSRF to back-end IP |
|
00:00:00 |
|
(W68M10_03) SSRF-Whitelist based filter bypass |
|
00:00:00 |
|
(W68M10_04) SSRF-Blacklist based filter bypass |
|
00:00:00 |
|
(W68M10_05) SSRF via open redirection |
|
00:00:00 |
|
(W68M10_06) Testing anticsrf session token randomness |
|
00:00:00 |
|
(W68M10_07) Randomness testing real sites token |
|
00:00:00 |
|
(W68M10_08) Automating match replace |
|
00:00:00 |
|
(W68M10_09) OAST Testing |
|
00:00:00 |
|
(W68M10_10) Countermeasures |
|
00:00:00 |
|
(W68A10) Module 10 Assignment |
UNLIMITED |
Captions for M10 available soon! |
Final exam |
|
(W68Q1) Final Exam |
|
00:20:00 |