Notes Index for Web App Sec

• Course Pedagogy
• Javascript the Language
• HTML/CSS the DOM and how to manipulate the DOM
• REST APIs and CRUD, NodeJS from scratch (GET POST PUT DELETE)
• Hosting Static Sites
• Added to the KATAS page: HTTP request payloads, Hosting, Authentication
• "Devops" demo day
• OK Database time: SQL, noSQL (Mongo and friends), Firebase
• SQL and the LAMP stack
• Firebase, ProfNinja's favorite stack
• OAuth Setup Demo
• Sessions, Cookies, Local Storage (session hijacking?)
• Live Demo of making a thing
• Passwords: hashing, stretching, and salting
• Demo day spinning up an EC2 (watch the video instead)
• Role-Based Access Control in Firebase and how to think in NoSQL
• 4 classic vulnerabilities to speedrun learning
• Websockets (and a touch of XSS)
• JWTs (JSON Web Tokens)
• Last Dev Day: setting up an HTTPS domain, Single-Page Apps, maybe REACT demo
• Project 1 Turn-In Day!!
• Just enough Crypto for the Web
• A little more XSS
• A Crash Course in Cyclic Groups and number theory for crypto
• RSA structure
• Burpsuite and the Portswigger Labs
• Prototype Pollution
• AWS Lambdas, Jail Cells, S3 Buckets
• Server-Side Template Injection and Reverse Shells