Web App Hacking: Caching Problems

By Dawid Czagan
Caching problems can lead to very severe consequences. This course will teach you different types of problems, common mistakes, and countermeasures related to cache processing in modern web applications.
Play course overview
Course info
Rating
(61)
Level
Beginner
Updated
May 10, 2017
Duration
46m
Table of contents
Course Overview
Course Overview 2m
Introduction
Introduction 5m
Google Caching
Overview 1m Google Indexing and Caching 1m How to Find Sensitive Data in Google 2m Demo 2m Fixing the Problem 1m Summary 1m
Cacheable HTTPS Responses
Overview 1m HTTPS Is Not Enough! 2m Demo 5m Fixing the Problem 1m Summary 1m
Caching of Credit Card Data
Overview 1m Caching of Data Entered by the User 2m Demo 2m Fixing the Problem 1m Summary 1m
Sensitive Data in the URL
Overview 1m URL and Sensitive Data 1m Demo 2m Fixing the Problem 1m Summary 1m
Industry Best Practices
Overview 1m OWASP ASVS 2m V9: Data Protection Verification Requirements 3m Summary 1m
Summary
Summary 5m
Description
Course info
Rating
(61)
Level
Beginner
Updated
May 10, 2017
Duration
46m
Description

Caching problems are underestimated by developers and security engineers. In this course, Web App Hacking: Caching Problems, you'll learn why this subject is important and how severe consequences can happen as a result of caching problems. First, you'll see that sensitive data from your web application can be exposed to everyone on the Internet as a result of Google Caching. Next, you'll discover how your password can be cached in plaintext as a result of cacheable HTTPS responses. After that, you'll see how credit card data can be insecurely processed in terms of cache. Then, you'll learn why sensitive data should never be sent in the URL. Finally, you'll explore how the caching problems, that are discussed in this course, are related to industry best practices. By the end of the course, you'll know how to test web applications for different types of caching problems.

About the author
Dawid Czagan
About the author

Dawid Czagan is listed among the Top 10 Hackers by HackerOne. He has found security vulnerabilities in Google, Yahoo, Mozilla, Microsoft, Twitter, and other companies. Due to the severity of these bugs, he has received numerous awards for his findings.

More from the author
Web Application Penetration Testing: Insecure Error Handling
Intermediate
49m
Feb 11, 2020
Web App Hacking: Hacking XML Processing
Beginner
50m
Jan 23, 2018
Web App Hacking: Cross-Site Request Forgery (CSRF)
Beginner
51m
Oct 9, 2017
More courses by Dawid Czagan
Section Introduction Transcripts
Section Introduction Transcripts

Course Overview
Hi everyone. My name is Dawid. Welcome to my course, Web App Hacking: Caching Problems. I am a security instructor, researcher, and bug hunter. Caching problems are underestimated by developers and security engineers, and in this course I will show you why this subject is important and how severe consequences can happen as a result of caching problems. You will learn that sensitive data from your web application can be exposed to everyone on the internet as a result of Google caching. You will see how HTTPS-protected responses can be cached in plain text. I will explain how credit card data can be insecurely processed in terms of cache. You will learn why sensitive data should never be sent in the URL. And I will show you how the caching problems that I discuss in this course are related to industry best practices. for different types of caching problems. You will also learn how to prevent these problems from happening. I hope you will join me on this journey to learn about caching problems, with the Web App Hacking: Caching Problems course, at Pluralsight.

You're the smartest person in the room

PROVE IT

Your team won't just close the skills gap

THEY'LL HURDLE IT