In this video from our Web Apps Attack and Defense: Secure Coding course, our instructor Munir shows methods for preventing XXE attacks on web applications. This video assumes you know what XXE attacks are and how they work. You'll see what the methods of prevention are, together with a practical example!
With this course, you will learn how to use the basic building blocks of web applications to attack and defend them. Web apps function in complex environments, and their attack surface is huge. Whether you are a hacker or a defender, you need to know what happens under the hood, and this is where this course comes in. You will benchmark coding practices against the top 10 threats affecting web applications.
We focus on offensive and defensive approaches to the code that lies beneath the front-end. If you’ve worked in this field for a while, you know that’s where the problems hide; it’s just a matter of finding and either exploiting or fixing them! Whether they’re working for you (when you’re pentesting) or against you (when you’re defending), understanding exactly how these attacks work is crucial. You will get exposed to various tools and techniques that can be used to analyze and fix security bugs in a majority of our PHP applications.
This course is based on PHP, but the concepts presented are applicable across the board and can be easily translated or directly applied to other frameworks (just in case you find yourself pentesting a web app that’s not based on PHP - those are a minority!).
What skills will you gain?
- implementing security practices into coding
- coding securely in PHP
- detecting vulnerabilities in code
- exploiting bad code during a pentest
- using the OWASP Top 10 list in your testing
- fixing and mitigating known bugs in PHP applications
- preventing XXE, XSS, injection, and other types of attacks
- countering scanners in web app development
Who this course is for:
- Security professionals, whatever color hat you’re wearing - if you want to pentest web apps, you need to know the things we talk about in this course. It will let you analyze the applications and underlying code with confidence in tests and reviews, and deepen your expertise.
- Security-minded developers and coders - if you want to learn how attackers target the code, or if you want to see how easy-to-fix mistakes can result in serious vulnerabilities, and are curious how to mitigate them, this workshop will take you on a steep learning curve to achieve that.
- Project managers in security and commercial software houses - if you want to learn what your project needs in order to stay secure after you deploy it, and if you want to communicate effectively with developers and security experts on your team, this training will give you a well-rounded view of secure coding practices for web applications, as well as a deep understanding of web app attacks and defences.