Setup and Introduction to Cross Site Scripting Attacks-Getting Started
A Note From UC Davis
Course Introduction
Overview of Resources and Tools for This Course
Setup and Introduction to Cross Site Scripting Attacks-Getting Your Environment Set-Up
Setup and Introduction to Cross-site Scripting
Tips and Tricks to Use Git for Course and Project
How to Import WebGoat into IDE
How to Run WebGoat in a Docker Container
Setup and Introduction to Cross Site Scripting Attacks-Cross-site Scripting (XSS)
Injection Attacks: What They Are and How They Affect Us
Cross-site Scripting (XSS), Part 1
Protecting Against Cross-site Scripting (XSS), Part 2
OWASP Cross Site Scripting Prevention Cheat Sheet
Patching Reflected Cross-site Scripting (XSS), Part 3
Stored Cross-site Scripting (XSS)
Dangers of Cross-site Scripting (XSS) Attacks
Setup and Introduction to Cross Site Scripting Attacks-Lab Activity and Review
A Note About Finding Lessons on WebGoat
Introduction to Labs (Peer Reviewed)
Note About Peer Review Assignments
Injection Attacks-Injection Attacks
Injection Attacks
Tutorial: Using a Proxy to Intercept Traffic from Client to Servers
OWASP SQL Injection Prevention Cheat Sheet
SQL Syntax and Basics: Putting On the Attacker Hat
Solution to SQL Injection Attacks (SQLi)
SQL Injection Attacks: Evaluation of Code
OWASP XML External Entity Prevention Cheat Sheet
XML External Entity (XXE) Attacks
Demo of an XML External Entity (XXE) Attack to Gain Remote Code Execution (RCE)
Evaluation of Code - XXE through a REST Framework
Solution: Evaluation of Code - XXE through a REST Framework
Patching the XXE Vulnerability
Authentication and Authorization-Authentication and Authorization
Authentication and Authorization
OWASP Transaction Authorization Cheat Sheet
Introduction to Authentication Flaws in WebGoat
Authentication Bypass Exploit
Tips and Tricks for Burp Suite: Use Proxy to Intercept Traffic
Solution to Authentication Bypass: Evaluation of Code
Finding Vulnerabilities and Logical Flaws in Source Code
Authentication and Authorization-JSON Web Tokens (JWT)
Introduction to JSON Web Tokens (JWT) and Authentication Bypass
A Beginner's Guide to JWTs in Java
Authentication Flaw JSON Web Tokens (JWT)
Solution Demo: Exploiting JSON Web Tokens (JWT)
Evaluating Code to Find the JSON Web Tokens (JWT) Flaw
Hint Video: (JWT) Patching the Vulnerable Code in WebGoat
Solution to Patch JWT Flaw
Dangers of Vulnerable Components and Final Project-Dangers of Vulnerable Components
Dangers of Vulnerable Components Introduction
Vulnerable Components (XStream Library)
Solution: Fixing Vulnerabilities with XStream
Article: How Hackers Broke Equifax: Exploiting a Patchable Vulnerabil
Article: Exploiting OGNL Injection in Apache Struts
Dangers of Vulnerable Components and Final Project-Graded Peer Assignment
Introduction to Labs (Peer Reviewed)
Note About Peer Review Assignments
Dangers of Vulnerable Components and Final Project-Course Summary
Course Summary