Course info
Rating: (36)
Level: Beginner
Updated: Mar 14, 2017
Duration: 1h 14m

Description

Sensitive data exposure can lead to very severe consequences (user impersonation, account takeover, and disclosure of credentials, to name a few). In this course, Web App Hacking: Sensitive Data Exposure, you'll learn about various types of sensitive data exposure in modern web applications. First, you'll see how the attacker can learn the credentials to the database as a result of insecure error handling. Next, you'll learn how the attacker can read the content of sensitive files when the files are insecurely processed. You'll also learn how to extract the metadata from publicly available files and how sensitive information can be found in metadata. After that, you'll see how easily the attacker can go from the disclosure of a software version to remote code execution on the production server. Then, you'll learn about an insecure communication channel between the browser and the web application. Finally, you'll learn about the disclosure of a cookie with sensitive data, and you'll see how a URL with sensitive information can leak to an external domain via the Referer header. By the end of the course, you'll know how to test web applications for different types of sensitive data exposure and how to provide countermeasures for these problems.

About the author

Dawid Czagan is listed among the Top 10 Hackers by HackerOne. He has found security vulnerabilities in Google, Yahoo, Mozilla, Microsoft, Twitter, and other companies. Due to the severity of these bugs, he has received numerous awards for his findings.

Section Introduction Transcripts

Course Overview
Hi everyone, my name is Dawid. Welcome to my course, Web App Hacking: Sensitive Data Exposure. I am a security instructor, researcher, and bug hunter. In this course, I will show you various types of sensitive data exposure in modern web applications. I will demonstrate how the attacker can learn the credentials to the database as a result of insecure error handling. You will learn how the attacker can read the content of sensitive files when the files are insecurely processed. I will show you how to extract the metadata from publicly available files, and how sensitive information can be found in metadata. I will demonstrate how easily the attacker can go from the disclosure of a software version to remote code execution on the production server. You will learn about an insecure communication channel between the browser and the web application. And you will also learn about other problems related to sensitive data exposure in modern web applications. By the end of the course, you will know how to test web applications for various types of sensitive data exposure, and how to provide countermeasures for these problems. I hope you will join me on this journey to learn about sensitive data exposure with the Web App Hacking: Sensitive Data Exposure course at Pluralsight.

Insecure Error Handling
In this module, I will show you how severe consequences can happen as a result of insecure error handling. First I will tell you what verbose error messages are, and what type of sensitive data can be found in verbose error messages, then I will show you how the attacker can trigger an error message, and finally I will demonstrate how the attacker can learn the credentials to the database as a result of insecure error handling.

Disclosure of Sensitive Files
In this module, I will discuss Disclosure of Sensitive Files. First I will show you how the attacker can find sensitive files, and then I will present how the attacker can read the content of sensitive files when the files are insecurely processed. There will also be a demo showing all the steps in practice, and finally you will see how the attacker can read the content of a sensitive configuration file.

Information Disclosure via Metadata
In this module, I will discuss Information Disclosure via Metadata. First I will tell you what type of information can be found in metadata, then I will present how to extract the metadata from publicly available files, and finally I will show you what kind of sensitive information can be found in metadata.

Underestimated Risk: Disclosure of Software Version
In this module, I will discuss one of the most underestimated types of sensitive data exposure, Disclosure of Software Version. At first glance, software version has nothing in common with sensitive data, and many people claim that disclosure of software version is not a problem, but this is wrong. Information about software version is very helpful to the attacker, and in this module, I will demonstrate how easily the attacker can go from disclosure of software version to remote code execution on the production server.

Insecure Communication Channel
In this module, I will focus on Insecure Communication Channel. When the browser is communicating with the web application, we don't want the sensitive data to be disclosed over an insecure communication channel. That's why we have to learn how to establish a secure communication channel between the browser and the web application. Keep in mind that understanding how a secure communication channel works is not enough. You'll also have to learn how to configure the communication channel securely, so that it works as expected.

Leakage of Cookie with Sensitive Data
In this module, I will show you how severe consequences can happen as a result of a leakage of cookies with sensitive data. First I will tell you why secure cookie processing is such an important subject, then I will discuss briefly the fundamentals of cookie processing, and I will explain how to process cookies securely with the Secure attribute. It turns out that cookies without the Secure attribute can leak over insecure HTTP, even if the web application is protected by secure HTTPS. And in this module you will learn how the attacker can impersonate a user as a result of this leakage.

Leakage of Sensitive Data via Referer Header
In this module, you will learn how sensitive data can leak via the Referer header to an external domain, and how severe consequences can happen as a result of this leakage. When we are talking about the leakage of sensitive data via the Referer header, we actually mean the leakage of a URL with sensitive data via the Referer header, and the exemplary URL with sensitive data is a password reset link. A password reset link is very interesting from an attacker's point of view, because it can be used to change a user's password. And in this module I will show you how a user's password reset link can leak via the Referer header to an external domain, and how the attacker can impersonate a user as a result of this leakage.