SQL Injection
-
SQL Injection | Complete Guide (71:35)
-
Lab #1 SQL injection vulnerability in WHERE clause allowing retrieval of hidden data (29:06)
-
Lab #2 SQL injection vulnerability allowing login bypass (33:22)
-
Lab #3 SQLi UNION attack determining the number of columns returned by the query (34:00)
-
Lab #4 SQL injection UNION attack, finding a column containing text (29:08)
-
Lab #5 SQL injection UNION attack, retrieving data from other tables (24:45)
-
Lab #6 SQL injection UNION attack, retrieving multiple values in a single column (29:24)
-
Lab #7 SQL injection attack, querying the database type and version on Oracle (26:50)
-
Lab #8 SQLi attack, querying the database type and version on MySQL & Microsoft (22:16)
-
Lab #9 SQL injection attack, listing the database contents on non Oracle databases (45:18)
-
Lab #10 SQL injection attack, listing the database contents on Oracle (40:24)
-
Lab #11 Blind SQL injection with conditional responses (48:38)
-
Lab #12 Blind SQL injection with conditional errors (44:59)
-
Lab #13 Blind SQL injection with time delays (19:08)
-
Lab #14 Blind SQL injection with time delays and information retrieval (35:37)
-
Lab #15 Blind SQL injection with out-of-band interaction (10:19)
-
Lab #16 Blind SQL injection with out of band data exfiltration (8:17)
Directory Traversal
OS Command Injection
-
Command Injection | Complete Guide (29:58)
-
Lab #1 OS command injection, simple case (18:03)
-
Lab #2 Blind OS command injection with time delays (19:32)
-
Lab #3 Blind OS command injection with output redirection (25:51)
-
Lab #4 Blind OS command injection with out-of-band interaction (6:35)
-
Lab #5 Blind OS command injection with out-of-band data exfiltration (7:33)
Access Control Vulnerabilities
-
Broken Access Control | Complete Guide (38:05)
-
Lab #1 Unprotected admin functionality (15:06)
-
Lab #2 Unprotected admin functionality with unpredictable URL (22:56)
-
Lab #3 User role controlled by request parameter (23:42)
-
Lab #4 User role can be modified in user profile (21:39)
-
Lab #5 URL-based access control can be circumvented (15:23)
-
Lab #6 Method-based access control can be circumvented (17:23)
-
Lab #7 User ID controlled by request parameter (21:24)
-
Lab #8 User ID controlled by request parameter, with unpredictable user IDs (29:18)
-
Lab #9 User ID controlled by request parameter with data leakage in redirect (21:36)
-
Lab #10 User ID controlled by request parameter with password disclosure (27:13)
-
Lab #11 Insecure direct object references (22:44)
-
Lab #12 Multi-step process with no access control on one step (16:25)
-
Lab #13 Referer-based access control (14:15)
Server-Side Request Forgery (SSRF)
-
Server-Side Request Forgery (SSRF) | Complete Guide (45:31)
-
Lab #1 Basic SSRF against the local server (21:31)
-
Lab #2 Basic SSRF against another back-end system (26:53)
-
Lab #3 SSRF with blacklist-based input filter (20:08)
-
Lab #4 SSRF with whitelist-based input filter (21:04)
-
Lab #5 SSRF with filter bypass via open redirection vulnerability (18:36)
-
Lab #6 Blind SSRF with out-of-band detection (6:01)
-
Lab #7 Blind SSRF with Shellshock exploitation (12:41)
Cross-Site Request Forgery (CSRF)
-
Cross-Site Request Forgery (CSRF) | Complete Guide (47:02)
-
Lab #1 CSRF vulnerability with no defenses (22:22)
-
Lab #2 CSRF where token validation depends on request method (20:33)
-
Lab #3 CSRF where token validation depends on token being present (14:29)
-
Lab #4 CSRF where token is not tied to user session (18:01)
-
Lab #5 CSRF where token is tied to non-session cookie (27:06)
-
Lab #6 CSRF where token is duplicated in cookie (20:36)
-
Lab #7 CSRF where Referer validation depends on header being present (19:32)
-
Lab #8 CSRF with broken Referer validation (17:59)
Cross-origin Resource Sharing (CORS)
-
Cross-Origin Resource Sharing (CORS) | Complete Guide (50:49)
-
Lab #1 CORS vulnerability with basic origin reflection (15:13)
-
Lab #2 CORS vulnerability with trusted null origin (19:08)
-
Lab #3 CORS vulnerability with trusted insecure protocols (23:32)
-
Lab #4 CORS vulnerability with internal network pivot attack (35:21)
Cross-Site Scripting (XSS)
What's Next?
