Applied Information Security : 01 Hacking Application-Level

Computer Security in the Real World, by Butler Lampson, up-to-and-including Section 2 (6 pages)

Book, by Fred B. Schneider, Chapter 1, up-to-and-including section 1.2 (we’ll read the rest later) (9 pages)

The Security Mindset (1 page)

Phases of a Successful Network Penetration (2 pages)

Malware, section 2 (4 pages)

What happens when you type a URL in a browser? (6 pages)

Using curl to Automate HTTP Jobs, by creator of curl, Sections 1-5 (6 pages)

Dynamic Evaluation, focus on the examples (1 page)

Insecure Deserialization (3 pages)

Cross-Site Scripting (3 pages)

Slides

Video (TBA)

Exercises

app.py

Cybersecurity: Crash Course Computer Science (12:29)

Web, by Willard Rafnsson (lecture in "Introductory Programming" 2018) (1:56:36)

The Basics of Web Application Security, by Cairns & Somerfield

OWASP Top Ten Web Application Security Risks (see e.g. Injection, Insecure Deserialization, XSS)

Dynamic Evaluation Attack on a Node.js backend (3 pages)

Insecure Deserialization Attack on a Node.js backend (4 pages)

Insecure Deserialization Attack on a Java backend (6:52)

Cross-Site Scripting Attacks, by Computerphile (8:33)

Cross-Site Scripting Attack: Self-Retweeting Tweet, by Computerphile (6:16)

Cross-Site Scripting Attack: Cookie Stealing (aka. Session Hijacking) (7:23)

Cross-Site Scripting Attack Tutorial