Web Security and Hacking for Beginners

Course Curriculum

Chapter 1: Day 1: Introduction

Lecture 1: Hacking into One Month with Jon and Chris!

Lecture 2: An Overview of the App We Are Hacking

Lecture 3: Legal Disclaimer

Chapter 2: Day 2: Hacker Tools – The Proxy

Lecture 1: Let's Dive into Proxies with Jon and Chris

Lecture 2: Understanding Ports

Lecture 3: Intro to Proxies

Lecture 4: Intercepting Requests with Burp

Lecture 5: Fun With Encoding

Chapter 3: Day 3: Account Bruteforcing

Lecture 1: What is Bruteforcing?

Lecture 2: Guessing Usernames and Passwords

Lecture 3: Harvesting One Month

Lecture 4: Password Attacks

Lecture 5: Fixing Error Message

Lecture 6: Enforcing Strong Passwords

Lecture 7: Preventing Brute Force Attacks

Chapter 4: Day 4: Breaking Authorization Controls

Lecture 1: Trusting Users

Lecture 2: Securing Request Parameters

Lecture 3: Searching For Vulnerabilities

Lecture 4: Finding Hidden Pages

Lecture 5: Automating File and Directory Discovery with Dirbuster

Lecture 6: Enforcing Admin Access

Chapter 5: Day 5: Cross Site Scripting

Lecture 1: Let's Discuss "Cross-Site Scripting"

Lecture 2: Javascript Hacks Using Cross-Site Scripting (XSS)

Lecture 3: Hacking Tool – Beef

Chapter 6: Day 6: SQL Injection

Lecture 1: Jon and Chris Break Down SQL Injection

Lecture 2: Introduction to Database Queries Using SQL

Lecture 3: Detecting SQL Injection

Lecture 4: Hack Tool – Sqlmap

Lecture 5: Fixing SQL Injection Vulnerabilities

Chapter 7: Day 7: Encryption and Storing Secrets

Lecture 1: Storing Secrets

Lecture 2: Keeping Passwords

Lecture 3: Hack Tool – John The Ripper

Lecture 4: Stronger Hashes with Bcrypt

Lecture 5: Protecting Sensitive Information in a Database

Lecture 6: Reviewing Encryption Code

Lecture 7: Applying Encryption

Lecture 8: Masking Sensitive Data

Chapter 8: Day 8: Calling System Commands

Lecture 1: Exploiting System Commands

Lecture 2: Securing File Operations

Chapter 9: Day 9: API Security

Lecture 1: "What the Heck is an API?"

Lecture 2: Accessing Models Using an API

Lecture 3: Securing an API

Chapter 10: Day 10: Cross-Site Request Forgery

Lecture 1: Explaining Cross Site Forgery

Lecture 2: Ruin a Vacation Using Cross-Site Request Forgery

Lecture 3: Building a Cross-Site Request Forgery Attack

Lecture 4: Hacking Gmail Using CSRF

Lecture 5: Protecting Against CSRF

Chapter 11: Day 11: Mass Assignment

Lecture 1: Understanding Mass Assignment

Lecture 2: Privilege Escalation Using Mass Assignment

Lecture 3: Preventing Mass Assignment

Lecture 4: Hacking Github Using Mass Assignment

Lecture 5: Enhancing Mass Assignment with Strong Parameters

Chapter 12: Day 12: Insecure Downloads

Lecture 1: Hacking Download Functionality

Lecture 2: Securing File Downloads

Chapter 13: Day 13: Keeping Up To Date

Lecture 1: "Why Do I Have to Update Rails?"

Lecture 2: Maintaining Ruby, Rails, and Gems

Chapter 14: Day 14: URL Redirection

Lecture 1: URL Redirection Explained

Lecture 2: Understanding URL Redirection Attacks

Lecture 3: Exploiting URL Redirection

Lecture 4: Fixing URL Redirection Vulnerabilities

Chapter 15: Day 15: Security Tools – Brakeman

Lecture 1: Code Audits with Brakeman

Lecture 2: Hack Tool – Brakeman

Chapter 16: Day 16: OWASP

Lecture 1: What Can OWASP Do for You?

Lecture 2: Additional Resources – OWASP

Chapter 17: Day 17: Rumblr

Lecture 1: A Rumblr in the Jungle with Jon and Chris

Lecture 2: Rumblr Walkthrough

Chapter 18: Day 18: Rumblr Security Issues

Lecture 1: Rumblr Hack #1

Lecture 2: Rumblr Hack #2

Lecture 3: Rumblr Hack #3

Lecture 4: Rumblr Hack #4

Lecture 5: Rumblr Hack #5

Lecture 6: Rumblr Hack #6

Chapter 19: Going Deeper with Jon Rose

Lecture 1: Hey Jon, "What's Next?"

Lecture 2: What is a Bug Bounty?

Lecture 3: What's the Day in the Life of a Web Security Hacker?