Understanding the core principles of Application Security is the difference between building software that's secure and software that's easily exploitable. This course is a deep dive into some of the most common and frequently occurring vulnerabilities your applications are likely to acquire over the course of development.
This course, Injections, XXE, and Insecure Deserialization, contains 5 modules, each dealing with a different common vulnerability. To begin, we'll take you through real-world techniques for attacking applications using Injection flaws, XML External Entities (XXE), Insecure Deserialization and Server-Side Request Forgery (SSRF).
Next, we’ll counter these with battle-tested strategies to defend against each of them. Every module is packed with hands-on labs that you’ll do alongside the trainer. This ensures you get practical experience dealing with real-world vulnerabilities as you’re learning about them.
At the end of this course, you’ll come away with a comprehensive understanding of some of the most commonly occurring vulnerabilities that affect applications today. You’ll be able to take everything you’ve learned about Injection vulnerabilities, XXE, and Insecure Deserialization and implement it in a modern development environment.
Understanding SQL Injection
Defending against SQL Injection
Server-Side Template Injection against NodeJS apps
Attack & Defense - XXE
Attack & Defense - Insecure Deserialization
Injection Flaws – An Introduction
Parser Flaws – An Introduction and Overview
History of Breaches with Injection and Parser flaws
Types of Injection Flaws
How Injection Flaws work
SQL Injection – Attack and Defense
Labs: SQL Injection Attack and Defense
Server-Side Template Injection – Attack and Defense
Labs: Server-Side Template Injection
OS Command Injection – Attack and Defense
Labs: OS Command Injection
XML – DTD and Entities
XML Parsers, their Configuration and XXE
XXE Effects and Attack Possibilities
Lab: Attacking XXE Vulnerabilities
Lab: Defending against XXE – Parser Configuration
Lab: Defending against XXE – Library Scanning
Overview – Serialization and Deserialization
Platform-specific and agnostic Serialization formats
Insecure Deserialization: A Primer
Breaches and Real-world attacks caused by Insecure Deserialization
Lab: Attacking Insecure Deserialization for Remote Code Execution
Defending against Insecure Deserialization
URL Parsers and their inconsistencies
In Redirect we trust: Parser Inconsistencies and Server-Side Request Forgery
Effects and Real-world impacts of Server-side request forgery attacks
Lab: Attacking Server-Side Request Forgery
Lab: Defending against Server-Side Request Forgery