Description
Course info
Rating
(75)
Level
Beginner
Updated
August 22, 2016
Duration
1h 2m
Description

Cookies are interesting for attackers because of the sensitive data they store. This course, Web App Hacking: Cookie Attacks, will teach you how to avoid the severe consequences of insecure cookie processing. First, you'll learn how cookies with sensitive data can leak over insecure channel. Next, you'll learn how the attacker can hijack cookies remotely. You'll also learn about weaknesses in cookie lifecycle and see one of the most underestimated cookie attacks - XSS via cookie. Finally, you'll learn how the attacker can tamper remotely with cookies of the user. By the end of the course, you'll know how cookie attacks work in practice and how to test web applications for various cookie processing flaws. What's more, you will learn how to process cookies securely.

About the author
About the author

Dawid Czagan is listed among the Top 10 Hackers by HackerOne. He has found security vulnerabilities in Google, Yahoo, Mozilla, Microsoft, Twitter, and other companies. Due to the severity of these bugs, he has received numerous awards for his findings.

More from the author
Web App Hacking: Hacking XML Processing
Beginner
50m 16s
23 Jan 2018
More courses by Dawid Czagan
Transcript
Transcript

Hi everyone, my name is Dawid Czagan, welcome to my course, Web App Hacking: Cookie Attacks. I am a security instructor, researcher and bug hunter. Cookies are interesting for attackers, because they store sensitive data. In this course you will learn how severe consequences can happen as a result of insecure cookie processing. 1. I will present how cookies with sensitive data can leak over insecure channel 2. You will see how the attacker can hijack remotely sensitive cookies of the user 3. I will discuss weaknesses in cookie lifecycle 4. And I will present one of the most underestimated cookie attacks: XSS via cookie 5. Finally, I will show you how the attacker can tamper remotely with cookies of the user By the end of the course, you’ll know how cookie attacks work in practice and how to test web applications for various cookie processing flaws. What’s more – you will learn how to process cookies securely. I hope you’ll join me on this journey to learn cookie attacks with the Web App Hacking: Cookie Attacks course, at Pluralsight.