This is a 12-week (72-hour) course on Application Security covering a variety of topics designed to give students the tools and knowledge they need to make their applications more secure.
- Week 01 - Introduction to APIs and Development Tools
- Week 02 - SQL Injection and Cross-Site Scripting
- Week 03 - Cross-Site Scripting Cont. and Keylogging
- Week 04 - Authentication and Authorization
- Week 05 - Authorization Cont. and Cross-Site Request Forgery (CSRF)
- Week 06 - Authorization Continued and Server Hardening
- Week 07 - Refresh Tokens, Roles, and Session Hijacking
- Week 08 - NoSQL Injection and MEAN Stack Vulnerabilities
- Week 09 - Encryption and SSL/TLS Certificates
- Week 11 - Kali Linux and Audit Logging
- Week 12 - Secure Development and Testing
- Week 01 - Basic Insecure Web App Example
- A simple example to build familiarity with Node Express, Postgres, Docker, and Postman
- Week 02 - Insecure Blog App Part 1
- A work-in-progress blogging application that we will build up in the coming weeks. This application is the perfect platform for us to learn and practice application security fundamentals.
- Week 02 - Cross-Site Scripting Sandbox
- This sandbox will let us test out different types of script injections.
- Week 03 - Insecure Blog App Part 2
- A work-in-progress blogging application that we will build up in the coming weeks. This application is the perfect platform for us to learn and practice application security fundamentals.
- Week 03 - Echo Server
- This logging server will accept requests from our Keylogger, print them to the console, and save them to the Database.
- Week 04 - Insecure Blog App Part 3
- A work-in-progress blogging application with basic user authentication and authorization
- Week 05 - Insecure Blog App Part 4
- A work-in-progress blogging application with basic user authentication and authorization
- This week we've added authorization via cookies
- Week 05 - CSRF Example
- This example app performs a CSRF attack on our blogging app when using cookies to authorize the user
- Week 06 - Insecure Blog App Part 5
- A work-in-progress blogging application with basic user authentication and authorization
- This week we've added authorization via tokens
- Week 06 - CSP Example
- This simple app demonstrates using the Content-Security-Policy header to control what source is allowed in an iframe.
- Week 07 - Insecure Blog App Part 6
- A work-in-progress blogging application with basic user authentication and authorization
- This week we've added authorization via cookies and tokens
- Week 07 - Payload RX
- A special purpose app :)
- Week 08 - Insecure Blog App Part 7
- A work-in-progress blogging application with basic user authentication and authorization
- Week 09 - Insecure Blog App Part 8
- This week we have added encryption to sensitive user fields