Web App Hacking: Sensitive Data Exposure

This course helps to understand various types of sensitive data exposure in modern web applications. You'll learn about testing for sensitive data exposure, common problems, and countermeasures.
Course info
Rating
(33)
Level
Beginner
Updated
March 14, 2017
Duration
1h 14m
Table of contents
Description
Course info
Rating
(33)
Level
Beginner
Updated
March 14, 2017
Duration
1h 14m
Description

Sensitive data exposure can lead to very severe consequences (user impersonation, account takeover, disclosure of credentials – to name a few). In this course, Web App Hacking: Sensitive Data Exposure, you'll learn about various types of sensitive data exposure in modern web applications. First, you'll see how the attacker can learn the credentials to the database as a result of insecure error handling. Next, you'll learn how the attacker can read the content of sensitive files, when the files are insecurely processed. You'll also learn how to extract the metadata from publicly available files and how sensitive information can be found in metadata. After that, you'll see how easily the attacker can go from the disclosure of software version to remote code execution on the production server. Then, you'll learn about insecure communication channel between the browser and the web application. Finally, you'll learn about the disclosure of cookie with sensitive data and you'll see how the URL with sensitive information can leak to external domain via Referer header. By the end of the course, you'll know how to test web applications for different types of sensitive data exposure and how to provide countermeasures for these problems.

About the author
About the author

Dawid Czagan is listed among the Top 10 Hackers by HackerOne. He has found security vulnerabilities in Google, Yahoo, Mozilla, Microsoft, Twitter, and other companies. Due to the severity of these bugs, he has received numerous awards for his findings.

More from the author
Web App Hacking: Hacking XML Processing
Beginner
50m 16s
23 Jan 2018
More courses by Dawid Czagan
Transcript
Transcript

Hi everyone, my name is Dawid Czagan (I will only say my first name), welcome to my course, Web App Hacking: Sensitive Data Exposure. I am a security instructor, researcher and bug hunter.

In this course I will show you various types of sensitive data exposure in modern web applications.

  • Insecure Error Handling: How the attacker can learn the credentials to the database as a result of insecure error handling.
  • Disclosure of Sensitive Files: How the attacker can read the content of sensitive files, when the files are insecurely processed
  • Information Disclosure via Metadata: How to extract the metadata from publicly available files and how sensitive information can be found in metadata.
  • Underestimated Risk: Disclosure of Software Version: How easily the attacker can go from the disclosure of software version to remote code execution on the production server.
  • Insecure Communication Channel: Insecure communication channel between the browser and the web application
And other problems related to sensitive data exposure in modern web applications.

By the end of the course, you will know how to test web applications for various types of sensitive data exposure and how to provide countermeasures for these problems.
I hope you’ll join me on this journeyto learn about sensitive data exposure with the Web App Hacking: Sensitive Data Exposure course, at Pluralsight.