Play all

Intro

What is this web

Browsers!

How can I see what a browser is doing?

Setting up your Browser Proxy.

What is a HTTP Request?

URL Structure

COOOKIES YOU SAY?

HTML Responses

Attacker Mentality

Who is your threat?

What do you want to get?

How will you get it?

Insufficient Authentication Tips

Insufficient Authorization

Authorization Tips & Tricks

Session Hi-Jacking (Session Fixation)

Cross Site Scripting (XSS)

XSS EXAMPLE

Common XSS Test Strings

XSS Analysis

What is SQL?

Common SQLi Uses

SQL Injection Workflow

Cross Site Request Forgery (CSRF)

CSRF Attack Scenario

Quick Bonuses

Description:

Explore application security fundamentals in this 43-minute DerbyCon conference talk. Dive into web browser mechanics, HTTP requests, and URL structures. Learn to set up browser proxies, understand cookies, and analyze HTML responses. Adopt an attacker's mindset by identifying threats and objectives. Discover tips for addressing insufficient authentication and authorization, and explore common vulnerabilities like session hijacking, cross-site scripting (XSS), SQL injection, and cross-site request forgery (CSRF). Gain practical insights with examples, test strings, and attack scenarios to enhance your web application security knowledge.

Appsec TLDR

Add to list

#Conference Talks #DerbyCon #Programming #Software Development #Application Security (AppSec) #Computer Science #Authorization #Web Development #Cookies #HTTP Requests #Information Security (InfoSec) #Ethical Hacking #Session Hijacking

0:00 / 0:00