Notes Index for Web App Sec
- A dumb introductory survey
- Folks want to be JavaScript Ninjas so here's a deep-dive
- Crash Course on DOM manipulation
- Hosting A Simple Website and Fileservers
- Intro to Firebase, a fast way to CRUD
- Commented Codepen to explain RTDB
- Some Software Engineering Insights from a decade of building junk
- Single Page Apps and Client-Side Routing/Deep-linking
- Side-Lecture: Firebase Hosting
- Authentication in Firebase
- Role-Based Access Control
- NodeJS and Express from scratch
- Ways to connect Node to Firebase (emptyish)
- File Storage to Firebase
- DEMO of like button
- Intro to SQL (and SQL injection)
- Intro to XSS
- Hashing, Salting, Stretching and Passwords
- TWITTER TURN-IN DAY! Also Project 1.5 Instructions
- Intro to XOR and the One-Time Pad
- Intro to AES and web-style symmetric-key crypto
- Diffie-Hellman Key Exchange (sharing secrets in a noisy room)
- Project 2 Instructions
- Public-Key Infrastructure and Attacks on the Key Exchange
- LAMP stack, Sessions, Cookies, and LocalStorage
- CTF Speedruns: 4 types of classic CTF-style web wins (local file inclusion, .git repos, unserialization errors, type juggling). Also a how-to on Heroku PHP Flag deployment
- Reverse Shells, Digital Ocean, DockerHub, File upload Exploits
- JSON Web Tokens
- Prototype Pollution
- Deserialization; Jail Escapes (Avoiding blacklists); Server-Side Template Injection
- Cybersecurity as a whole, and where our class fits in.
- WEB Speed Dating: topics you should know and could get really into, but that aren't for everyone: Apache, AWS, Microservices, WASM
- BurpSuite, PortSwigger Labs, intro to SSRF and CSRF
- Hybrid Web Apps (write one deploy anywhere)
- Websockets (via socketio)
- LAST CLASS: review, advice, Request Smuggling, XXE, Stego