Web Security Course

WebSec Playlist

Videos introducing web security such as XSS (cross site scripting), CSRF (cross site request forgery) and other attacks. But also teach basics, like the HTTP Protocol.

If you are a beginner, I suggest you to start from the beginning. If you are already experienced, just try out a video and see if you understand it.

There is also a multipart series on AngularJS sandbox escapes.

Before we get into security stuff we have to talk a little bit about the basics of web development. A very fast introduction to HTML, CSS and JavaScript.

We perform a HTTP GET Requesy by hand and learn how a webserver works.

We learn about simple php web apps and why it's so common that php applications have XSS issues. It's all about shitty tutorials.

Showing off some cross site scripting techniques and looking at the chrome XSS Auditor

What is cross site request forgery and what does it have to do wwith the same-origin policy.

Reading from the famous paper "The Confused Deputy" by Norm Hardy and make a connection to modern web vulnerabilities like XSS and CSRF.

In 2017 a cool bug was reported by a researcher, which lead me down a rabbit hole to a 2014 and even 2009 bug. This provides interesting insight into how web security research looks like.

Search Tags