
12-week Geekwise course on web application security and hardening.

Application Security And Hardening

A Geekwise Academy course by Corey Shuman

This is a 12-week (72-hour) course on application security covering a variety of topics designed to give students the tools and knowledge they need to make their applications more secure.

Lecture Notes

  • Week 01 - Introduction to APIs and Development Tools
  • Week 02 - SQL Injection and Cross-Site Scripting
  • Week 03 - Cross-Site Scripting Cont. and Keylogging
  • Week 04 - Authentication and Authorization
  • Week 05 - Authorization Cont. and Cross-Site Request Forgery (CSRF)
  • Week 06 - Authorization Continued and Server Hardening
  • Week 07 - Refresh Tokens, Roles, and Session Hijacking
  • Week 08 - NoSQL Injection and MEAN Stack Vulnerabilities
  • Week 09 - Encryption and SSL/TLS Certificates
  • Week 11 - Kali Linux and Audit Logging
  • Week 12 - Secure Development and Testing

Applications

  • Week 01 - Basic Insecure Web App Example
    • A simple example to build familiarity with Node Express, Postgres, Docker, and Postman
  • Week 02 - Insecure Blog App Part 1
    • A work-in-progress blogging application that we will build up in the coming weeks. This application is the perfect platform for us to learn and practice application security fundamentals.
  • Week 02 - Cross-Site Scripting Sandbox
    • This sandbox will let us test out different types of script injections.
  • Week 03 - Insecure Blog App Part 2
    • A work-in-progress blogging application that we will build up in the coming weeks. This application is the perfect platform for us to learn and practice application security fundamentals.
  • Week 03 - Echo Server
    • This logging server accepts requests from our keylogger, prints them to the console, and saves them to the database.
  • Week 04 - Insecure Blog App Part 3
    • A work-in-progress blogging application with basic user authentication and authorization
  • Week 05 - Insecure Blog App Part 4
    • A work-in-progress blogging application with basic user authentication and authorization
    • This week we've added authorization via cookies
  • Week 05 - CSRF Example
    • This example app performs a CSRF attack on our blogging app when using cookies to authorize the user
  • Week 06 - Insecure Blog App Part 5
    • A work-in-progress blogging application with basic user authentication and authorization
    • This week we've added authorization via tokens
  • Week 06 - CSP Example
    • This simple app demonstrates using the Content-Security-Policy header to control which sources are allowed in an iframe.
  • Week 07 - Insecure Blog App Part 6
    • A work-in-progress blogging application with basic user authentication and authorization
    • This week we've added authorization via cookies and tokens
  • Week 07 - Payload RX
    • A special purpose app :)
  • Week 08 - Insecure Blog App Part 7
    • A work-in-progress blogging application with basic user authentication and authorization
  • Week 09 - Insecure Blog App Part 8
    • This week we have added encryption to sensitive user fields