Specialized Testing: Sessions and Tokens

Focused View

Christian Wenz

55:48

63 View

1. Course Overview

1. Course Overview.mp4

01:37

2. Session and Token Fundamentals

1. Course Overview.mp4

01:34

2. Cookies.mp4

01:38

3. Cookie Flags.mp4

02:13

4. Sessions.mp4

02:10

5. JWT (JSON Web Token).mp4

04:03

6. Looking at the Sample Application.mp4

01:34

3. Testing for Session Vulnerabilities

1. Types of Session Attacks.mp4

01:46

2. Session Hijacking.mp4

09:06

3. Session Fixation.mp4

04:20

4. Cross-site Request Forgery.mp4

07:05

5. Checking Session Properties.mp4

04:16

4. Testing for Token Vulnerabilities

1. Types of Token Attacks.mp4

03:25

2. Forging Tokens.mp4

04:27

3. Self-signing Tokens.mp4

02:20

4. Reusing Tokens.mp4

02:34

5. Course Summary.mp4

01:40

Description

Most web applications use sessions or tokens to maintain state or to implement authentication – and many can be attacked there. This course will teach you how to test for these kinds of vulnerabilities.

What You'll Learn?

Sessions and tokens are often a weak spot in web applications when it comes to security. In this course, Specialized Testing: Sessions and Tokens, you’ll learn to audit an application for vulnerabilities in this area. First, you’ll explore the mechanics of sessions and tokens. Next, you’ll discover different ways to exploit session vulnerabilities. Finally, you’ll learn how to exploit token vulnerabilities. When you’re finished with this course, you’ll have the skills and knowledge of testing for session and token vulnerabilities in web applications needed to audit a web application.

More details

User Reviews

Rating

average 0

Total votes0

Focused display

Web App Development

Cyber Security

Network Security

Information Security

Cyber Security Awareness

Christian Wenz

Instructor's Courses

Christian Wenz is an author, consultant and trainer focusing on web technologies. He wrote or co-wrote over 100 books, is a fixture at international developer conferences since 2001, is a Microsoft Most Valuable Professional (MVP) for ASP.NET, an ASPInsiders member, and main author of the Zend PHP 5.5 certification. His day job at Munich/London-based Arrabiata Solutions (http://www.arrabiata.com/) includes conducting security audits, migrating old code bases, implementing complex web applications and helping companies choose the right web strategy and web technology mix.

Pluralsight

View courses Pluralsight

Pluralsight, LLC is an American privately held online education company that offers a variety of video training courses for software developers, IT administrators, and creative professionals through its website. Founded in 2004 by Aaron Skonnard, Keith Brown, Fritz Onion, and Bill Williams, the company has its headquarters in Farmington, Utah. As of July 2018, it uses more than 1,400 subject-matter experts as authors, and offers more than 7,000 courses in its catalog. Since first moving its courses online in 2007, the company has expanded, developing a full enterprise platform, and adding skills assessment modules.