Learning Path: Application Security Essentials
Injections, XXE, and Insecure Deserialization
Understanding the core principles of Application Security is the difference between building software that is secure and software that is easily exploitable. This course is a deep dive into some of the most common vulnerabilities your applications are likely to acquire over the course of development.
Over the course of 5 modules, we’ll take you through real-world techniques for attacking applications through Injection flaws, XML External Entities (XXE), Insecure Deserialization and Server-Side Request Forgery. We’ll counter these with battle-tested strategies to defend against each of them. Every module is packed with live labs that you’ll work through alongside the trainer, so you get practical experience with real-world vulnerabilities.
At the end of this course, you’ll come away with a comprehensive understanding of some of the most commonly occurring vulnerabilities that affect applications today. Our material is a distillation of years of security testing experience, knowledge, and original research across our entire team. That means you’ll be able to take everything you’ve learned and implement it directly in a modern development environment.
Proficiency: Beginner
Audience: Application Security
Course Duration: 4 hours
34 lessons
5 Cloud Labs
Course Outline
Introduction
- Course Introduction
- Course Prerequisites
Injection Flaws
- Introduction and Overview – Injection Flaws
SQL Injection
- Introduction – SQL Injection
- SQL Injection – Additional Exploits
- Protecting against SQL Injection – Parameterized Queries
- Protecting against SQL Injection – ORM and other controls
Server-Side Template Injection
- Server-Side Template Injection – Overview
- Server-Side Template Injection – Attack and Defense
XML External Entities (XXE)
- Introduction and Overview – XML External Entities (XXE)
- Defending against XXE
Insecure Deserialization
- Introduction and Overview – Insecure Deserialization
- Insecure Deserialization – Real-world attacks
- Defending against Insecure Deserialization