webtoknow/web-dev-security-lab
Web developers security labs

Web development security labs consist of lectures designed to introduce developers to the OWASP Top 10 list, which highlights the most critical security risks to web applications. During these sessions, we utilize OWASP Juice Shop, known as one of the most insecure web applications, to demonstrate these vulnerabilities. The lectures are divided into two parts: an introduction to the issues and exercises where we actively engage in hacking Juice Shop to experience these vulnerabilities firsthand.

University lecture on "IT Security" as Open Educational Resources created by Björn Kimminich and modified by Bogdan Mihai Nicolae. You can find the original material at it-security-lecture.

Application Security & SDLC

  1. Open Web Application Security Project (OWASP)

    This lecture introduces OWASP, a nonprofit foundation focused on improving software security. It covers OWASP's core values, projects, project lifecycle, chapters, and mandatory chapter rules. The lecture also incorporates exercises to help you become acquainted with Juice Shop.

  2. Injection

    The lecture discusses injection attacks, which involve tricking an application into executing unintended commands. It covers various types of interpreters that are vulnerable to injection attacks. The exercises involve becoming acquainted with SQL injection and bypassing authentication in Juice Shop.

  3. Cross-Site Scripting (XSS)

    This lecture covers Cross-Site Scripting (XSS), a common web application vulnerability. It explains the root cause, typical impacts, and provides a phishing email example. It also includes a demo of an XSS attack and discusses vulnerable code examples.

  4. Authentication Flaws

    This lecture delves into Authentication Flaws, a common security issue in web development. It discusses the importance of secure authentication, common mistakes, and potential impacts. Exercises include identifying and exploiting authentication flaws in Juice Shop.

  5. Authorization Flaws

    This lecture focuses on Authorization Flaws, a prevalent security concern in web applications. It covers the principles of secure authorization, common pitfalls, and their potential consequences. Practical exercises involve identifying and exploiting authorization flaws in the most insecure application in the world, aka Juice Shop.

  6. Cryptographic Failures

    This lecture explores Cryptographic Failures, a significant security risk in software development. It highlights the importance of proper encryption, common errors, and their potential effects. Hands-on exercises involve identifying and exploiting cryptographic failures in a secure environment.

  7. Insecure Dependencies & Configuration

    This lecture examines Insecure Dependencies and Configuration, a critical security issue in software development. It emphasizes the need for secure dependencies and configurations, common oversights, and their potential repercussions. Exercises include identifying and exploiting these flaws in the safe context of Juice Shop.

  8. Software & Data Integrity Failures

    This lecture investigates Integrity Failures, a serious security concern in software development. It underscores the importance of data integrity, common missteps, and their potential implications. Practical exercises involve identifying and exploiting integrity failures by hacking Juice Shop.

  9. Secure Development Lifecycle

    This lecture discusses the Software Development Life Cycle (SDLC), a crucial process in software development. It covers the different stages of SDLC, common vulnerabilities at each stage, and their potential impacts. Exercises involve understanding and applying secure SDLC practices.

Create PDF files

The marp-team/marp-cli is a command-line interface for Marp and Marpit Markdown. It is a powerful tool that allows you to convert your Markdown files into HTML, PDF, PPTX (PowerPoint), or images. This is particularly useful for creating presentations or documents from your Markdown files.

To create PDF files from the Markdown slides, run the following command, which picks up its options from the .marprc configuration file in the repository:

npx @marp-team/marp-cli@latest

Create PPTX file

A single file, such as a PowerPoint presentation (pptx), can also be generated from one slide deck with the following command:

npx @marp-team/marp-cli@latest slides/01-02-injection.md --pptx --output slides/pptx/01-02-injection.pptx --allow-local-files

CC BY SA 4.0

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

About

Web developers security labs mapping OWASP Top 10
