Notes Index for Web App Sec

• A dumb introductory survey
• Folks want to be Javascript Ninjas so here's a deep-dive
• Crash Course on DOM manipulation
• Hosting a site from static files
• Intro to my favorite database: Firebase RTDB
• Debugging web apps
• A couple hand's on demos based on common JS patterns/user stories
• Learn OAuth by doing it
• User Roles and Firebase Security Rules
• Single Page App Client-Side Routing
• Putting it together with a live demo
• SQL and SQL Injection
• Collation of the CTF problems so far
• An outline for me to do some video walkthroughs of the hidden flags so far
• A weird tour of AWS stuff
• Project 1 Submission Instructions
• Serverless Functions and AWS Lambda
• Intro to XSS (Cross Site Scripting)
• Ten-Mile view of how web sec fits into Cyber as a whole
• Web Crypto Part 1: Passwords, Hashing, Salting, Stretching and scrypt
• AES, encodings, One-Time pad, and CSPRNGs
• Diffie-Hellman Key Exchange
• Public Key Infrastructure (the problems with DHKE)
• PHP, Heroku, Sessions, Cookies
• DVWA/Juice Shop and Running Docker/DockerHub images
• Intro to Web Assembly, make your own, and reversing wasm
• NodeJS, Express, and REST APIs
• REACT, props, state, and components
• JSON Web Tokens and a big list of exploits
• Cross-Site Request Forgery
• Hybrid Apps
• Three classic CTF problem types (LFI, .git, deserialization)
• X-mas: Blind XSS + XXE
• socketio and web sockets
• Prototype Pollution
• Jail Escapes
• The Last Class!