[Pluralsight] Web App Hacking: Sensitive Data Exposure - Pluralsight
Web App Hacking: Sensitive Data Exposure - Pluralsight

Web App Hacking: Sensitive Data Exposure - Pluralsight

image description

Course Description

This course helps to understand various types of sensitive data exposure in modern web applications. You'll learn about testing for sensitive data exposure, common problems, and countermeasures. Sensitive data exposure can lead to very severe consequences (user impersonation, account takeover, disclosure of credentials – to name a few). In this course, Web App Hacking: Sensitive Data Exposure, you'll learn about various types of sensitive data exposure in modern web applications. First, you'll see how the attacker can learn the credentials to the database as a result of insecure error handling. Next, you'll learn how the attacker can read the content of sensitive files, when the files are insecurely processed. You'll also learn how to extract the metadata from publicly available files and how sensitive information can be found in metadata. After that, you'll see how easily the attacker can go from the disclosure of software version to remote code execution on the production server.

Then, you'll learn about insecure communication channel between the browser and the web application. Finally, you'll learn about the disclosure of cookie with sensitive data and you'll see how the URL with sensitive information can leak to external domain via Referer header. By the end of the course, you'll know how to test web applications for different types of sensitive data exposure and how to provide countermeasures for these problems.

What you will learn

Hi everyone, my name is Dawid. Welcome to my course, Web App Hacking: Sensitive Data Exposure. I am a security instructor, researcher, and bug hunter. In this course, I will show you various types of sensitive data exposure in modern web applications. I will demonstrate how the attacker can learn the credentials to the database, as a result of insecure error handling. You will learn how the attacker can read the content of sensitive files when the files are insecurely processed. I will show you how to extract the metadata from publicly-available files, and how sensitive information can be found in metadata. I will demonstrate how easily the attacker can go from the disclosure of software version to remote code execution on the production server. You will learn about insecure communication channel between the browser and the web application. And you will also learn about other problems related to sensitive data exposure in modern web applications. By the end of the course, you will know how to test web applications for various types of sensitive data exposure, and how to provide countermeasures for these problems. I hope you will join me on this journey to learn about sensitive data exposure with the Web App Hacking: Sensitive Data Exposure course at Pluralsight.

Curriculum

Section 1: Course Overview

Section 2: Introduction

Section 3: Insecure Error Handling

Section 4: Disclosure of Sensitive Files

Section 5: Information Disclosure via Metadata

Section 6: Underestimated Risk: Disclosure of Software Version

Section 7: Insecure Communication Channel

Section 8: Leakage of Cookie with Sensitive Data

Section 9: Leakage of Sensitive Data via Referer Header

Section 10: Summary