Web and Cloud Security

A-Z

Recent

Duration

3.1: XSS

Leverage XSS vulnerabilities to attack vulnerable client browsers.

145 min Updated Apr 24, 2020

3.2: Content Security Policy, CORS

Experiment with headers within HTTP that limit XSS vulnerabilities.

70 min Updated Apr 24, 2020

3.3: CSRF, Clickjacking

Leverage command and code injection vulnerabilities to exploit web applications

30 min Updated Apr 24, 2020

3.4: Insecure Deserialization (PHP)

Leverage a deserialization vulnerability to exploit a PHP web application.

44 min Updated Apr 24, 2020

3.5: Insecure Deserialization (JavaScript)

Leverage a deserialization vulnerability to exploit a NodeJS web application.

27 min Updated Apr 24, 2020

4.1: Thunder CTF

Explore scenarios that allow adversaries to gain unauthorized access to cloud resources on Google Cloud Platform

180 min Updated Apr 24, 2020

4.2: Serverless Goat

Exploit a serverless application to gain unauthorized access to resources of the account that hosts it.

76 min Updated May 2, 2020

4.3: flaws.cloud

Exploit several vulnerable cloud deployments to gain unauthorized access.

82 min Updated Apr 24, 2020

4.4: flaws2.cloud

Play attacker and defender roles in the cloud using several vulnerable cloud deployments.

73 min Updated May 1, 2020

4.5: CloudGoat

Exploit vulnerable cloud deployments to gain unauthorized access to cloud resources.

68 min Updated Apr 24, 2020

Program 1: Blind SQL Injection

Write a Python program to perform a Blind SQL injection attack using binary searches

138 min Updated Apr 24, 2020

Program 2: Timing Side-Channel

Write a Python program to perform a side-channel attack on a vulnerable authentication process

135 min Updated Apr 24, 2020

1.1: Broken Access Control, Unvalidated Redirects

Leverage file path traversal and file upload vulnerabilities

120 min Updated Apr 24, 2020

1.2: SSRF, XXE, Sensitive Data Exposure

Leverage SSRF, XXE and data exposure vulnerabilities

45 min Updated Apr 24, 2020

2.1: Command and Code Injection

Leverage command and code injection vulnerabilities to exploit web applications

55 min Updated Apr 24, 2020

2.2: SQL Injection

Leverage SQL injection vulnerabilities to exploit web applications

220 min Updated Apr 24, 2020

2.3: Broken Authentication

Leverage authentication vulnerabilities to gain unauthorized access to sites.

85 min Updated Apr 24, 2020

0: Setup

Setup the accounts and virtual machines for use in this course.

126 min Updated May 1, 2020

5.1: Tools setup

Setup Kali VMs and web servers to practice using tools that automate reconnaissance, scanning, and exploitation.

63 min Updated Apr 24, 2020

5.2: wfuzz, nmap, bucket-stream

Perform reconnaissance attacks using automated tools.

37 min Updated Apr 24, 2020

5.3: wpscan

Scan WordPress sites for vulnerabilities automatically.

42 min Updated Apr 24, 2020

5.4: hydra, sqlmap, xsstrike, w3af, commix

Identify vulnerabilities in web applications via automated tools.

45 min Updated Apr 24, 2020

5.5: metasploit

Exploit vulnerable web applications using an industry-standard tool.

27 min Updated Apr 24, 2020

Loading Codelabs, please wait...