nVisium Top 3: Rails edition
This is the third episode of SecCasts Live and is hosted by Ken Johnson. Ken discusses the top 3 most prevalent and most harmful Ruby on Rails security vulnerabilities – Mass Assignment, Injection, and Metaprogramming.
Rails - OWASP Top 10, A8 (CSRF)
This tutorial discusses Cross-Site Request Forgery (CSRF), Rails anti-CSRF mechanisms, and common mistakes in Rails applications, and includes a demonstration of the attack.
Building Secure Android Apps
This is the second episode of SecCasts Live and is hosted by Jack Mannino. Jack explores the Lollipop Android distribution and discusses what has changed and how to leverage the new APIs in order to enhance your Android application's security level.
Exploring Obscure Web App Vulnerabilities
This is the first episode of SecCasts Live and it is hosted by Tim Tomes. Tim explores obscure web application vulnerabilities such as Session Fixation, Method Interchange, and CSRF.
Rails - OWASP Top 10, A7 (Access Control)
This tutorial discusses Missing Function Level Access Control and how it occurs in Rails applications. This category of weakness is listed as OWASP's A7 category. We demonstrate weaknesses in access control as well as defensive measures.
Time-Based Username Enumeration
This tutorial focuses on demonstrating the enumeration of valid accounts on web sites by leveraging time-based comparison code written by the video's author, John Poulin. We briefly describe the topic of username enumeration, demonstrate a couple of examples of trivial types of enumeration, and then launch into the heart of the tutorial.
We demonstrate vulnerable application code, a proof of concept tool for enumerating users via time-comparison, and discuss how this all works.
Rails - OWASP Top 10, A6 (Exposure)
This tutorial discusses Sensitive Data Exposure (OWASP's A6 category) in Ruby on Rails applications and how to prevent it. We demonstrate implementing encryption, hashing passwords using Bcrypt, preventing model attribute exposure, and filtering sensitive parameters from our logs.
Rails - OWASP Top 10, A5 (Misconfiguration)
This tutorial covers common security misconfigurations (OWASP's A5 category) in Ruby on Rails applications and how to prevent them. We demonstrate the use of tools to detect outdated software, basic configuration options, and more.
Rails - OWASP Top 10, A2 (Authentication)
This tutorial covers authentication weaknesses and is part 2 of a two-part tutorial on OWASP's A2 category. We discuss and demonstrate password complexity weaknesses, username enumeration, brute-force authentication attacks, and insecure forgot-password functions. Additionally, we provide preventive techniques for both custom authentication schemes in Rails and for Devise.
Rails - OWASP Top 10, A4
In this tutorial, we cover Insecure Direct Object Reference (IDOR) weaknesses and how they manifest in Ruby on Rails. We demonstrate how the attack occurs and the core problem, and show preventive measures that can be taken. IDOR is listed as A4 on OWASP's Top 10.
Rails - OWASP Top 10, A2 (Sessions)
This tutorial covers session-related weaknesses and is part 1 of a two-part tutorial on OWASP's A2 category. We demonstrate session fixation weaknesses and provide the resolution, thoroughly explain the difference between the client-side and server-side session store as well as how to change your configuration, and explain cookie flags and how to set them.
Grails - OWASP Top 10, A5
In this tutorial, we discuss the Security Misconfiguration section of OWASP's Top 10 (A5). We provide tools for monitoring your environment and some basic checks for security misconfiguration in Grails.
Rails - OWASP Top 10, A1
This tutorial explains common ways in which SQL Injection and Command Injection (A1) manifest within a Ruby on Rails application. We demonstrate both impact and remediation and provide helpful resources to learn more about dangerous methods and use cases in ActiveRecord.
Swift.nV Tutorial Part 1 - OWASP Mobile Top 10
In this tutorial, we demonstrate two of the OWASP Mobile Top 10 categories: Insecure Data Storage and Unintended Data Leakage. We show how these flaws manifest in a Swift application. Seth Law, the creator of nVisium's open source project Swift.nV, uses the vulnerable Swift.nV application to demonstrate and discuss common pitfalls.
Intro to Web Hacking Part 10 - XSS
In this tutorial, we cover Cross-Site Scripting (XSS) from manual and automated detection to exploitation and preventative measures.
Intro to Web Hacking Part 9 - Logic Flaws
In this tutorial, we demonstrate and discuss business and functional logic flaws. We discuss how to identify functionality that might be vulnerable as well as how to exploit it.
Intro to Web Hacking Part 8 - SQL Injection
In this tutorial, we demonstrate and discuss detection, exploitation, and prevention of SQL Injection. We show exactly what a SQL query looks like, how it works, how the vulnerable code is written, how to write parameterized queries, and how this issue can be taken advantage of to fully exploit an application.
Intro to Web Hacking Part 7 - Access Controls
This video covers common access control weaknesses and how to assess these security controls as well as how to exploit them.
We explain and demonstrate:
- Parameter-Based Controls
Intro to Web Hacking Part 6 - Session Management Weaknesses
This video covers common session management weaknesses and how to assess these security controls as well as how to exploit them. We explain and demonstrate:
- Session Termination Flaws
- ... and more!
Intro to Web Hacking Part 5 - Authentication Weaknesses
This video discusses common authentication weaknesses and how to assess these security controls as well as how to exploit them. We explain and demonstrate:
- Insecure Account Lockout Policies
- Insecure Password Complexity Requirements
- Testing Forgot Password Controls
- Exploiting "Remember Me" Functions
Intro to Web Hacking Part 4 - Client Side Controls
This video discusses client-side controls and how they play a part in vulnerability discovery and exploitation. We explain and demonstrate:
- Hidden Form Fields
- Burp Suite's Target Analysis
- The Power of Inclusion and Exclusion of Parameters
Intro to Web Hacking Part 3 - Mapping & Enumeration
This is the third episode in our Intro to Web Hacking series. This tutorial covers basic techniques for mapping an application's attack surface. We discuss the purpose of performing mapping & enumeration and then demonstrate various tools and techniques. Some of the tools shown are:
- Burp Suite's Intruder
- Burp Suite's Spider
Grails - OWASP Top 10, A4
This video demonstrates common ways in which Insecure Direct Object Reference (A4/IDOR) manifests within a Grails application. We demonstrate remediating IDOR flaws within Grails. This tutorial is part of the Grails secure code collection.
Intro to Web Hacking Part 2 - HTML Basics
This is the second video in our "Intro to Web Hacking" series. We cover fundamental aspects of the web that a viewer will need in order to be proficient at web hacking.
In this video we explain and demonstrate:
- HTTP Proxies
- HTML Forms and Elements
- Encoding (Base64/URL)
Intro to Web Hacking Part 1 - HTTP Basics
This tutorial is Part 1 of our "Introduction to Web Hacking" series and is intended for absolute beginners. In this tutorial, we discuss the basics of HTTP requests & responses, explain the Document Object Model (DOM), discuss the Same-Origin Policy, and cover each of the most popular HTTP response codes as well as HTTP request methods or "verbs".
Grails - OWASP Top 10, A3
This video demonstrates common ways in which Cross-Site Scripting (A3/XSS) manifests within a Grails application. We demonstrate remediating XSS flaws within Grails. This tutorial is part of the Grails secure code collection.
Grails - OWASP Top 10, A1 & A2
This video demonstrates common Injection (A1) and Broken Authentication & Session Management (A2) flaws within a Grails application and shows remediating or mitigating these flaws. This tutorial is part of the Grails secure code collection.
John Poulin demonstrates leveraging nVisium's open source tool "xssValidator" using PhantomJS and SlimerJS with Burp Suite in order to detect and confirm XSS.
Basic Security Settings - Express.js
This tutorial covers basic security enhancements that can be set within an Express application to mitigate issues such as CSRF, insecure caching, and clickjacking. Additionally, we cover using the Helmet library within an Express application.
Auth (Node.js) - Passport.js + Sequelize.js
In this tutorial, we show how to implement Sequelize with Passport.js in a Node.js/Express.js application. The purpose of this tutorial is to show the basics of hashing a user's password, Sequelize validations & hooks, and basic access control.
Intro to Burp Extender (Python/Jython)
In this episode, we show how to build two Burp extensions in Python. One plugin is a simple "hello world" style plugin with explanations. The second plugin adds a tab to the HTTP message view and renders a deobfuscated version of Django signed/client-side storage cookies.
Rails - OWASP Top 10, A3
This video demonstrates common ways in which Cross-Site Scripting (A3/XSS) manifests within a Ruby on Rails application. We demonstrate remediating XSS flaws within Ruby on Rails. This tutorial is part of the Rails secure code collection.
Intro To Burp
This tutorial provides an introduction to configuring and using Burp Suite. We leverage a free version of Burp (1.6) in order to show basic options that a tester would want to incorporate into their efforts.
Intro to Burp Extender (Java)
This video provides the basics of using Burp Suite's Extender functionality with Java.