Answering your questions | David Bombal

Autoplay
Autocomplete

Previous Lesson Complete and Continue

The OWASP top 10, mobile top 10 and API 10 demystified - A guide for pentesters, bug bounty hunters and managers

Getting Help

Answering your questions (1:53)

OWASP top 10 - Protection against .. as a developer

A03.2021 Injection .pptx
A03.2021 How to prevent SQLi.mp4 (2:43)
A03.2021 How to prevent OS command injection.mp4 (5:02)
A03 2021 - Injection - How to prevent it .mp4 (8:00)
A01.2021 How to protect from broken authentication.mp4 (7:51)

OWASP top 10 of 2021 - Theory

OWASP Top 10 Intro.mkv (1:54)
Introduction 186e7.pdf
OWASP Top 10 - 2021, Changes
A01-2021 BAC.mkv (15:01)
A01 - 2021 dcf17.pdf
A02-2022 Sensitive data exposure.mkv (6:46)
A02-2021 103f7.pdf
A03-2022 Injections.mkv (2:21)
A03 - 2021 9a4c8.pdf
A04-2022 Insecure design.mkv (1:43)
A04-2021 08d43.pdf
A05-2022 Security Misconfiguration.mkv (4:06)
A05-2021 9eb03.pdf
A06 - 2021 Vulnerable and Outdated Components (2:45)
A06-2021 bd95a.pdf
A07 - 2021 Identification and Authentication (7:45)
A07 -2021 .pdf
A08 - 2021 Software and Data Integrity (1:25)
A08-2021 d0c0e.pdf
A09 - 2021 Security Logging and Monitoring (6:50)
A09-2021 8b2ff.pdf
A10 - 2021 SSRF (Server side request ... (2:33)
Al0 - 2021 727b9.pdf
OWASP Top 10 Course In Under 30 Minutes - With Labs You Can Solve (20:23)

OWASP top 10 of 2017- Theory

Introduction.mp4 (7:38)
Introduction.pdf
A1.2017 Injections (9:25)
A201720injection.pdf
A1: Injection - Extra article
A2.2017_Broken_authentication.pdf
A2.2017_Broken_authentication (19:18)
A3.2017 Sensitive data exposure (17:16)
A3.2017 Sensitive data exposure.pdf
A4.2017 XXE (15:37)
A4.2017_XML_eXternal
A5.2017 Broken Access Control (11:11)
A5.2017 Broken Access Control
A6.2017 Security misconfigurations (8:56)
A6.2017 Security misconfigurations
A7.2017 XSS (11:23)
A7.2017 XSS
A8.2017 insecure deserialization (4:17)
A8. Insecure deserialization
A8. Insecure deserialization - Extra
A9.2017 Components with vulnerablilities (7:47)
A9.2017 Using Components with Known Vulnerabilities
A10.2017 Insufficient logging and monitoring (6:00)
A10. 2017 Insufficient Logging & Monitoring

OWASP top 10 of 2017 - Demonstrations and practicals

A1. Injection - Simple injection (1:31)
A1. Injections-XXE (3:28)
A1. Injection - SQLi (3:40)
A1. How to prevent SQLi.mp4 (2:43)
A1. Injection - blind command injection (5:07)
A2.2017 - Broken Authentication - Demonstrated.mp4 (1:55)

OWASP API top 10 - Videos

Video: OWASP API 0 through 3 (28:57)
Video: OWASP API 4 through 7 (31:47)
Video: A8: Injection (9:41)
Video: API9:2019 Improper (7:16)

OWASP API top 10 - PDFs

API0.2019: What is an API?
AP11:2019 Broken Object Level Authorization
API2:2019 Broken User Authentication
API3:2019 Excessive Data Exposure
API4:2019 Lack of rate limiting
API5:2019 Broken Function Level Authorization
API6:2019 Mass Assignment
API7:2019 Security Misconfiguration
API8:2019 Injection
API9:2019 Improper Assets Management
API10:2019 Insufficient Logging & Monitoring

OWASP API top 10 - Quizzes

OWASP API top 10 - Part 1
Let's build an API to hack - Part 1: The basics
Let's build an API to hack - Part 2: Faking it before breaking it
Let's build an API to hack - Part 3: Information disclosure

OWASP Mobile top 10

Video: M1 (5:24)
M1. Improper Platform Usage
Video: M2 (1:28)
M2.2016 Insecure Data Storage
Video: M3 (2:07)
M3.2016: Insecure Communication
Video: M4 (3:38)
M4.2016: Insecure Authentication
Video: M5 (2:22)
M5. 2016 Insufficient Cryptography
Video: M6 (3:07)
OWASP M6. Insecure authorization
Video: M7 (5:35)
OWASP M7. bad code quality
Video: M8 (2:36)
M8: Code Tampering
Video: M9 (2:33)
M9: Reverse Engineering
Video: M10 Extraneous Functionality (1:56)
M10 Extraneous Functionality

Extra: XSS

Ultimate XSS guide (27:45)
XSS - Ultimate beginner guide.pdf
Labs: Easy reflected XSS
Labs: Medium reflected XSS
Labs: Hard reflected XSS
Labs: Hard reflected XSS - Number 2
Labs: Very Hard reflected XSS
Labs: Red Hot Cheese reflected XSS
Labs: Red Hot Cheese reflected XSS - Number 2
SOLUTIONS LABS: REFLECTED XSS

EXTRA: A6.2017 Security Misconfiguration

A6.2017 Security misconfigurations.mp4 (1:56)

Extra XXE

XXE - Slides.pdf
XXE.mp4 (9:51)

Teach online with

Answering your questions

Lesson content locked

If you're already enrolled, you'll need to login.

Enroll in Course to Unlock