Security - Datamatiker 4. semester
Project maintained by DatSecDK
Week-2
Day-1 (Tuesday) A2 + A5
What to Read
At first it might seem like there is an awful lot to read, but in total it sums up to only 10-15 pages if you distribute the readings among your group as suggested below, so just go ahead and start reading ;-)
A2
- Read the OWASP description for A2 (10 min.)
- Read about credential stuffing (5 min.)
- Read/skim some of the references given in A2. You should distribute the “readings” among your group, since one of the exercises for day-1 will be to explain what you have read to the rest of your group.
- Make sure that you all read/skim (10-15 min.) the Cheat Sheet related to session management, since this is where we will focus our practical attacks on day-2.
Watch
If you prefer to watch/listen, this video is short but still pretty informative.
A5
- Read the OWASP description for A5 (5-10 min.)
- Read/skim some of the references given in A5. You should distribute the “readings” among your group, since one of the exercises for day-1 will be to explain what you have read to the rest of your group.
If you have time, watch this video (22 min.) for a lot of “broken authentication” examples.
Learning Goals
See the possible exam questions for A2 + A5 for the best description of the learning goals for this day.
Exercises
A2 and A5
Slides
A2 and A5
Day-2 (Thursday) A7 Cross-Site Scripting (XSS)
Much of the day will be focused around a live hacking contest. Prepare yourself by watching the video given below. I will set up a simple “hackable” session-based server. The first one to succeed in stealing a SessionID and another user’s secret information, and to explain to the class “the steps involved”, wins a GOOD beer :-)
Snippet-file for today
TBD
What to read
Slides
XSS
Exercises
A7, Cross Site Scripting