Web and Cloud Security

A-Z

Recent

Duration

3.1: XSS

Leverage XSS vulnerabilities to attack vulnerable client browsers.

125 min Updated Mar 19, 2021

3.2: CORS, Content Security Policy

Experiment with headers within HTTP that limit XSS vulnerabilities.

70 min Updated Mar 19, 2021

3.3: CSRF

Leverage client-side issues to exploit vulnerable web applications

53 min Updated Mar 12, 2021

3.4: Clickjacking

Leverage client-side issues to exploit vulnerable web applications

40 min Updated Mar 18, 2021

3.5: Insecure Deserialization (PHP)

Leverage a deserialization vulnerability to exploit a PHP web application.

44 min Updated Mar 12, 2021

3.6: Insecure Deserialization (JavaScript)

Leverage a deserialization vulnerability to exploit a NodeJS web application.

27 min Updated Mar 12, 2021

4.1: Thunder CTF

Play attacker and defender roles in the cloud using several vulnerable cloud deployments.

286 min Updated Apr 9, 2021

4.2: Serverless Goat

Exploit a serverless application to gain unauthorized access to resources of the account that hosts it.

86 min Updated Apr 14, 2021

4.3: flaws.cloud

Exploit several vulnerable cloud deployments to gain unauthorized access.

82 min Updated Mar 23, 2021

4.4: flaws2.cloud

Play attacker and defender roles in the cloud using several vulnerable cloud deployments.

73 min Updated Mar 23, 2021

4.5: CloudGoat

Exploit vulnerable cloud deployments to gain unauthorized access to cloud resources.

68 min Updated Apr 13, 2021

1.2: Web Programming

Use Python to efficiently access a collection of web sites

48 min Updated Apr 6, 2021

1.4: HW1 (2fa-bypass-using-a-brute-force-attack)

Write a program to brute-force a vulnerable 2FA process

137 min Updated Apr 14, 2021

2.2: HW2 (conditional-responses)

Write a program to perform Blind SQL injection using binary search

156 min Updated Mar 5, 2021

1.3: Broken Authentication

Leverage authentication vulnerabilities to gain unauthorized access to sites.

35 min Updated Apr 7, 2021

1.5: Broken Access Control

Leverage access control vulnerabilities to exploit vulnerable web sites

110 min Updated Apr 11, 2021

1.6: SSRF

Leverage SSRF vulnerabilities to exploit vulnerable web applications

23 min Updated Apr 11, 2021

1.7: XXE

Leverage XXE vulnerabilities to exploit vulnerable web applications

35 min Updated Apr 11, 2021

2.1: Command and SQL injection

Leverage command and code injection vulnerabilities to exploit web applications

55 min Updated Mar 2, 2021

1.1: Setup

Setup the accounts and virtual machines for use in this course.

76 min Updated Apr 14, 2021

5.1: Tools setup

Setup Kali VMs and web servers to practice using tools that automate reconnaissance, scanning, and exploitation.

63 min Updated Mar 11, 2021

5.2: wfuzz, nmap, bucket-stream

Perform reconnaissance attacks using automated tools.

37 min Updated Mar 11, 2021

5.3: wpscan

Scan WordPress sites for vulnerabilities automatically.

42 min Updated Mar 11, 2021

5.4: hydra, sqlmap, xsstrike, w3af, commix

Identify vulnerabilities in web applications via automated tools.

45 min Updated Mar 11, 2021

5.5: metasploit

Exploit vulnerable web applications using an industry-standard tool.

27 min Updated Mar 11, 2021

Loading Codelabs, please wait...