Notes Index for Web App Sec

• A dumb introductory survey
• Folks want to be Javascript Ninjas so here's a deep-dive
• Crash Course on DOM manipulation
• Hosting A Simple Website and Fileservers
• Intro to Firebase, a fast way to CRUD
• Commented Codepen to explain RTDB
• Some Software Engineering Insights from a decade of building junk
• Single Page Apps and Client-Side Routing/Deep-linking
• Side-Lecture: Firebase Hosting
• Authentication in Firebase
• Role-Based Access Control
• NodeJS and Express from scratch
• Ways to connect Node to Firebase (emptyish)
• File Storage to Firebase
• DEMO of like button
• Intro to SQL (and SQL injection)
• Intro to XSS
• Hashing, Salting, Stretching and Passwords
• TWITTER TURN-IN DAY! Also Project 1.5 Instructions
• Intro to XOR and the One-Time Pad
• Intro to AES and web-style symmetric-key crypto
• Diffie-Hellman Key Exchange (sharing secrets in a noisy room)
• Project 2 Instructions
• Public-Key Infrastructure and Attacks on the Key Exchange
• LAMP stack, Sessions, Cookies, and LocalStorage
• CTF Speedruns: 4 types classic CTF-style web wins (local file inclusion, .git repos, unserialization errors, type juggling) Also a how-to on Heroku PHP Flag deployment
• Reverse Shells, Digital Ocean, DockerHub, File upload Exploits
• JSON Web Tokens
• Prototype Pollution
• Deserialization; Jail Escapes (Avoiding blacklists); Server-Side Template Injection
• Cybersecurity as a whole, and where our class fits in.
• WEB Speed Dating, topics you should know, could get really into, but aren't for everyone: Apache, AWS, Microservices, WASM
• BurpSuite, PortSwigger Labs, intro to SSRF and CSRF
• Hybrid Web Apps (write one deploy anywhere)
• Websockets (via socketio)
• LAST CLASS: review, advice, Request Smuggling, XXE, Stego