we45 | Advanced Appsec

Home

Day-1

SQL Injection
- SQL-Injection
OS Command Injection
- ImageMagick
Template Injection
- Node-Template-Injection
XXE
- XXE
Insecure Deserialization
- Insecure Deserialization

Day-2

SSRF
- Weasyprint-SSRF
Cross-Site-Scripting (XSS)
- Stored XSS
Client Side Attacks
- Angular Template Injection
Input Validation
Browser Security Directives
- CSP

Day-3

JWT
- Algo Confusion
- JKU Authorization Bypass
IDOR
- Mass Assignment
ACL
- ACL Casbin
Encryption
- ECB penguin
Secrets
- Python Vault
- Key Stretching
Logging
- Security Logging
SAST
- Bandit
SCA
- OWASP-Dependency-Check
- NPM-Audit