Token Hijacking via PDF

PDF files are everywhere and they can be used to hack your web application. Imagine that the attacker prepares a malicious PDF file which steals sensitive data from a user. The PDF file is uploaded to the web application, the user reads this PDF file, and finally sensitive data is exfiltrated from the user’s browser. It’s scary, isn’t it?

Bypassing CSP via ajax.googleapis.com

Content Security Policy (CSP) is the number one defensive technology in modern web applications. Many developers add ajax.googleapis.com to their CSP definitions because they load libraries from this very popular CDN in their web applications. The problem is that whitelisting this origin can be used to completely bypass the CSP, and obviously you don’t want that to happen.

Exploiting Race Conditions

A race condition attack is one of the most dangerous and underestimated attacks on modern web applications. It is related to concurrency and multithreading. As a result of this attack, an attacker who has $1000 in his bank account can transfer more than $1000 out of that account.

Center for Cyber Security Training Signs Exclusive Partnership with Leading Training Provider Source Incite

The technology stacks of Web applications today are becoming increasingly complex. In order to discover deep vulnerability patterns and exploit primitives, analysis of the underlying source code is required. This course is designed for penetration testers, red teamers and developers that want to move beyond blackbox penetration testing to find and exploit high impact server-side vulnerabilities.

About Center for Cyber Security Training

Center for Cyber Security Training is dedicated to providing the innovative cybersecurity training solutions that government agencies and private businesses need.

Copyright 2021 - Center For Cyber Security Training.
All rights reserved.