Learn how to fix your security issues, but stay out of your ex's Facebook account!
Hey teach! What are we going to learn?
Use your new powers for good....
Rock your sox with proxies
IP addresses and ports make the internet work
Starting our hacking adventures with our first hacking tool
Not-so-lost in translation
Let's break into some user accounts
Without a username and password, how can you possibly get in?
Want emails? Get collecting! In this lesson we'll use Harvester to collect emails
Automating Bruteforce attacks
Wrong error message
Friends don't let friends create stupid passwords
The rack-attack gem is designed to protect your web app from bad clients
Can we hack URL's to access other user's accounts?
Don't trust users, let's fix the parameter security bug
Searching through open source sites
Let's guess some admin links!
Finding hidden features
Locking down the Admin page
Remember Myspace? Jon and Chris take a trip down memory lane
Where's the Beef? An XSS hacking framework
Changing SQL queries for evil
Let's review SQL
Finding SQL injection
Extracting the database
A safer way to query the database
Shhh! Storing secret data
Let’s grab some passwords!
Let's crack some passwords!
Let's strengthen our password hashes with BCrypt and Salt values
Adding encryption to secret data
Let's review some crypto code!
Encrypting Model Data
System calls can be dangerous, and lead to the complete compromise of a server. P0wnage!
How to securely handle files
Let's discuss APIs
Let’s hack some API’s and understand how they can be broken
Limiting API data
Let's talk about forging requests
How do you fake a request for another user, for fun and profit?
CSRF in action
Let's check out a real life example - Hacking Gmail
Mass Assignment in Rails
Mass Assignment exploit
Preventing Mass Assignment
Hacking Github with Mass Assignment
I like my params like I like my coffee...strong
Downloads, uploads, oh my. What could go wrong?
Stopping unauthorized downloads!
Let’s take a look at some problems related to upgrades, patching, and old and busted packages
Keeping it all in the family
Redirections gone wild
Locking down redirection
Make sure no villains try to redirect you users to evil websites
Brakeman's super power can be used to identify security issues
A good toolbox will help you keep your code running smoothly and securely
A cool non-profit that focuses on web app security
Introduction to OWASP
Crack it! You think you can hack it?
Let's dig into this Rails-Tumblr app
Apply it! Hack your own site
Already have an account?
Don't have an account yet?