Notes Index for Web App Sec
- Course Pedagogy
- Javascript the Language
- HTML/CSS the DOM and how to manipulate the DOM
- REST APIs and CRUD, NodeJS from scratch (GET POST PUT DELETE)
- Hosting Static Sites
- Added to the KATAS page: HTTP request payloads, Hosting, Authentication
- "Devops" demo day
- OK Database time: SQL, noSQL (Mongo and friends), Firebase
- SQL and the LAMP stack
- Firebase, ProfNinja's favorite stack
- OAuth Setup Demo
- Sessions, Cookies, Local Storage (session hijacking?)
- Live Demo of making a thing
- Passwords: hashing, stretching, and salting
- Demo day spinning up an EC2 (watch the video instead)
- Role-Based Access Control in Firebase and how to think in NoSQL
- 4 classic vulnerabilities to speedrun learning
- Websockets (and a touch of XSS)
- JWTs (JSON Web Tokens)
- Last Dev Day: setting up an HTTPS domain, Single-Page Apps, maybe REACT demo
- Project 1 Turn-In Day!!
- Just enough Crypto for the Web
- A little more XSS
- A Crash Course in Cyclic Groups and number theory for crypto
- RSA structure
- Burpsuite and the Portswigger Labs
- Prototype Pollution
- AWS Lambdas, Jail Cells, S3 Buckets
- Server-Side Template Injection and Reverse Shells
- JWTs But This Time Hackery
- Web CTF flowchart
- HTTP Request Smuggling
- Web App Sec in the context of all cyber
- Last Class Lookback