Courses

  • 26 Lessons

    Injection Attacks: The Free 2020 Guide

    Description: In this course, we explore the biggest risk facing web applications: injections. While we will focus primarily on SQL injections, there are other types of injections such as OS command, LDAP, XPATH, XML, and SMTP header injections, which are all listed in the OWASP Top 10 risks. In order to truly understand how injections work, we have to learn hands-on by executing attacks against vulnerable applications, and that's exactly what we'll do in this course. We start out by setting up safe and legal environments, and then we go on the offense exploring each successful and unsuccessful attack to understand what's going on, and ultimately, how to protect our apps against such vulnerabilities. So if you're looking for hands-on learning, this is your course!

    Duration: ~4 hours

    Difficulty: Beginner to Intermediate

    Recommended pre-requisites:

    Topics Covered:

    • Explore the power of injections as listed by OWASP in their top 10 risks (including SQL injections)
    • Follow along as we attack applications legally & safely
    • Learn defense controls against injections
  • 26 Lessons

    Introduction to Application Security (AppSec)

    Description: In this course, we provide a thorough yet high-level understanding of Application Security concepts as they relate to web, mobile, and cloud-based applications. It is intended to provide a foundational overview of core concepts so that you can dive deeper into those respective areas of interest.

    Duration: ~3 hours

    Difficulty: Beginner

    Pre-Requisites:

    • Experience: 2+ years of general programming
    • Courses: None

    Topics Covered:

    • Core concepts of AppSec
    • Important frameworks & tools to help create more secure software
    • OWASP for Web & Mobile applications
    • Cloud application security concepts
    • Application Security testing methodologies
    • Hands-on pentesting demonstrations
  • 11 Lessons

    Introduction to OS Command Injections

    Description: In this course, we explore OS Command Injections all the way from concepts to practice. OS Command Injections are part of the OWASP Top 10 Web Application Security Risks, and as you will see in this course, this threat can result in serious damage if left unchecked. Because we take a hands-on approach to learning, we start the course by setting up safe and legal lab environments to pentest. After our environments are ready, we go over the core concepts of OS Command Injections. Then, we apply those concepts hands-on by performing manual and automated attacks against vulnerable applications. Finally, we conclude the course by learning how to protect our apps with security controls and defensive mechanisms recommended by experts.

    Duration: 1 hour 15 minutes

    Difficulty: Beginner to Intermediate

    Recommended pre-requisites:

    • Experience working with web applications
    • Experience with OS commands (Linux or Windows)

    Topics Covered:

    • Explore the threat of OS Command injections as listed by OWASP in their top 10 web risks (Injections)
    • Follow along as we attack applications legally & safely
    • Learn defensive controls that can be applied to your applications