* Cantinho Satkeys

Refresh History
  • FELISCUNHA: Votos de um santo domingo para todo o auditório  4tj97u<z
    24 de Maio de 2026, 11:14
  • JP: try65hytr Pessoal  4tj97u<z 2dgh8i k7y8j0  classic
    22 de Maio de 2026, 05:50
  • FELISCUNHA: ghyt74  pessoal   49E09B4F
    21 de Maio de 2026, 11:42
  • JP: try65hytr Pessoal  4tj97u<z 2dgh8i k7y8j0 yu7gh8
    21 de Maio de 2026, 05:12
  • cereal killa: try65hytr malta  4tj97u<z 2dgh8i
    20 de Maio de 2026, 23:14
  • FELISCUNHA: ghyt74   49E09B4F  e bom fim de semana   4tj97u<z
    16 de Maio de 2026, 11:36
  • j.s.: tenham um excelente fim de semana  4tj97u<z
    15 de Maio de 2026, 20:53
  • j.s.: try65hytr a todos  49E09B4F
    15 de Maio de 2026, 20:52
  • JP: try65hytr Pessoal 4tj97u<z 2dgh8i k7y8j0 yu7gh8
    15 de Maio de 2026, 05:52
  • FELISCUNHA: ghyt74 pessoal   4tj97u<z
    14 de Maio de 2026, 11:31
  • cereal killa: try65hytr pessoal  49E09B4F 2dgh8i
    13 de Maio de 2026, 21:15
  • nsama71: uhf
    11 de Maio de 2026, 05:57
  • FELISCUNHA: ghyt74  votos de um santo domingo para todo o auditório  4tj97u<z
    10 de Maio de 2026, 11:02
  • j.s.: bom fim de semana   4tj97u<z
    09 de Maio de 2026, 20:41
  • j.s.: try65hytr a todos  49E09B4F 49E09B4F
    09 de Maio de 2026, 20:41
  • FELISCUNHA: ghyt74  Pessoal  49E09B4F
    08 de Maio de 2026, 11:39
  • JP: try65hytr A Todos  4tj97u<z 2dgh8i k7y8j0 yu7gh8
    08 de Maio de 2026, 05:50
  • JP: try65hytr Pessoal  4tj97u<z 2dgh8i k7y8j0
    07 de Maio de 2026, 05:23
  • j.s.: dgtgtr a todos  49E09B4F 49E09B4F
    05 de Maio de 2026, 16:34
  • FELISCUNHA: ghyt74  pessoal   49E09B4F
    04 de Maio de 2026, 11:28
« anterior seguinte »
Páginas: [1]   Ir para o fundo

Autor Tópico: Web Application Penetration Testing Weak Cryptography  (Lida 484 vezes)

0 Membros e 2 Visitantes estão a ver este tópico.

Online mitsumi

  • Sub-Administrador
  • ****
  • Mensagens: 132538
  • Karma: +0/-0
Web Application Penetration Testing Weak Cryptography
« em: 22 de Abril de 2020, 04:27 »

Web Application Penetration Testing: Weak Cryptography
.MP4, AVC, 1280x720, 30 fps | English, AAC, 2 Ch | 51m | 108 MB
Instructor: Dawid Czagan

Cryptography is used to secure modern web applications. The problem is that quite many things can go wrong and weak cryptography can lead to very severe consequences. That's why this subject is interesting for penetration testers.

Weak cryptography can lead to very severe consequences. In this course, Web Application Penetration Testing: Weak Cryptography, you will learn how to test for weak cryptography in modern web applications. First, you will learn about HTTPS enforcement and insecure cookie processing. You will see that users' credentials can be disclosed over insecure channel when HTTPS enforcement is not implemented in the web application. You will also see a demonstration in which a cookie with sensitive data can be disclosed over insecure channel, even if secure HTTPS is enforced in the web application. Next, you will explore Transport Layer Protection, Heartbleed vulnerability, and mixed content vulnerability. You will see how to check if Transport Layer Protection is configured securely in your web application, and how the attacker can read sensitive data from the memory of the web server as a result of Heartbleed vulnerability (which is one of the most famous vulnerabilities in crypto libraries). You will also see what dangers can happen when there is mixed content vulnerability in your web application. Finally, you will discover session randomness analysis, insecure password storage, and Sub-resource Integrity Protection. You will see how you can analyze the randomness of session IDs in your web application with Burp Suite Sequencer. You will learn why you should store a hash of the password (instead of the password in plaintext) and how it can solve your problems with insecure password storage. You will also learn how Subresource Integrity can be used to protect the integrity of scripts and style sheets in your web applications. By the end of this course, you will know how severe consequences can happen as a result of weak cryptography and you will also know how to test for weak cryptography in modern web applications.


Download link:
Só visivel para registados e com resposta ao tópico.

Only visible to registered and with a reply to the topic.

Links are Interchangeable - No Password - Single Extraction
Registado
Páginas: [1]   Ir para o topo
« anterior seguinte »