Preventing XXE Attacks [FREE COURSE CONTENT]

Jul 2, 2020

In this video from our Web Apps Attack and Defense: Secure Coding course, our instructor Munir shows methods for preventing XXE attacks on web applications. This video assumes you know what XXE attacks are and how they work. You'll see what the methods of prevention are, together with a practical example!



With this course, you will learn how to use the basic building blocks of web applications to attack and defend them. Web apps function in complex environments, and their attack surface is huge. Whether you are a hacker or a defender, you need to know what happens under the hood, and this is where this course comes in. You will benchmark coding practices against the top 10 threats affecting web applications.

We focus on offensive and defensive approaches to the code that lies beneath the front-end. If you’ve worked in this field for a while, you know that’s where the problems hide; it’s just a matter of finding and either exploiting or fixing them! Whether they’re working for you (when you’re pentesting) or against you (when you’re defending), understanding exactly how these attacks work is crucial. You will be exposed to various tools and techniques that we can use to analyze and fix security bugs in a majority of our PHP applications.

This course is based on PHP, but the concepts presented are applicable across the board and can be easily translated or directly applied to other frameworks (just in case you find yourself pentesting a web app that’s not based on PHP - those are a minority!).

What skills will you gain? 

  • implementing security practices into coding
  • coding securely in PHP
  • detecting vulnerabilities in code
  • exploiting bad code during a pentest
  • using the OWASP Top 10 list in your testing
  • fixing and mitigating known bugs in PHP applications
  • preventing XXE, XSS, injection, and other types of attacks
  • countering scanners in web app development

Who this course is for: 

  • Security professionals, whatever color hat you’re wearing - if you want to pentest web apps, you need to know the things we talk about in this course. It will let you analyze the applications and underlying code with confidence in tests and reviews, and deepen your expertise.
  • Security-minded developers and coders - if you want to learn how attackers target the code, or if you want to see how easy-to-fix mistakes can result in serious vulnerabilities, and are curious how to mitigate against them, this workshop will take you on a steep learning curve to achieve that.
  • Project managers in security and commercial software houses - if you want to learn what your project needs in order to stay secure after you deploy it, and if you want to communicate effectively with developers and security experts on your team, this training will give you a well-rounded view of secure coding practices for web applications, as well as a deep understanding of web app attacks and defences.

© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023