1
00:00:07,800 --> 00:00:11,510
OK, so in the last lecture, I gave you an introduction into the mind of Sheila.

2
00:00:12,070 --> 00:00:16,780
Now we're going to look at the OWASP Top 10. We've been going through the methodologies that we're going to

3
00:00:16,780 --> 00:00:18,880
use in this course. First is MITRE ATT&CK.

4
00:00:19,750 --> 00:00:21,070
Second, MITRE Shield.

5
00:00:21,100 --> 00:00:23,480
Now we're looking at the OWASP Top 10 methodology.

6
00:00:24,160 --> 00:00:26,490
You absolutely need to know this methodology inside and out.

7
00:00:27,000 --> 00:00:30,750
So if we go to OWASP, you can look at the data.

8
00:00:31,270 --> 00:00:36,340
Currently, this is the most recent data for this particular project, and you can see how it was submitted and

9
00:00:36,340 --> 00:00:37,530
how it was contributed.

10
00:00:37,930 --> 00:00:40,140
But the important part, of course, is the main tab.

11
00:00:40,990 --> 00:00:45,970
Don't be fooled by the basic-looking, you know, layout of the web page; it gives a lot of really good

12
00:00:45,970 --> 00:00:46,550
information here.

13
00:00:46,600 --> 00:00:51,810
So what we want to do is we want to look at the top 10 security risks to web applications.

14
00:00:52,060 --> 00:00:53,770
What are defenders seeing in the field?

15
00:00:54,400 --> 00:00:57,820
And number one are injection flaws.

16
00:00:58,750 --> 00:01:00,050
And this doesn't just mean SQL.

17
00:01:00,220 --> 00:01:02,300
There are other types of injection, right?

18
00:01:02,830 --> 00:01:08,310
There's NoSQL, there's OS injection, Ascham injection, there's LDAP injection, which is for

19
00:01:08,320 --> 00:01:08,920
Active Directory.

20
00:01:09,110 --> 00:01:10,800
We're going to get into a lot of these in this course.

21
00:01:10,800 --> 00:01:14,030
So don't worry if you don't understand what this means yet; we're going to dive in.

22
00:01:14,050 --> 00:01:15,560
You're going to be writing these attacks in your lab.
23
00:01:16,020 --> 00:01:16,720
Going to be a lot of fun.

24
00:01:16,990 --> 00:01:17,860
But if you click on one.

25
00:01:20,300 --> 00:01:21,440
Like injection, for example.

26
00:01:22,490 --> 00:01:23,590
We'll get some more information about it.

27
00:01:25,490 --> 00:01:32,690
So you can see, OK, now this is the threat agent, attack vector, security weakness and the impact, and it

28
00:01:32,690 --> 00:01:39,620
tells you how exploitable it is, how prevalent, how easy it is to detect, how technical, and what the

29
00:01:39,620 --> 00:01:40,460
business impact is.

30
00:01:41,470 --> 00:01:42,820
Then you can actually go down.

31
00:01:44,700 --> 00:01:49,230
And you get some of the technical stuff, so first you can see if the application is vulnerable to injection; it

32
00:01:49,830 --> 00:01:50,810
tells you how to prevent it.

33
00:01:52,520 --> 00:01:57,140
And then when you scroll down, you actually get the attack scenario, so it actually tells you how

34
00:01:57,140 --> 00:01:59,030
to execute a SQL injection attack.

35
00:02:00,930 --> 00:02:04,080
It gets really, really technical, really hands-on, so this is really, really cool; you can

36
00:02:04,080 --> 00:02:05,370
even go through some of these cheat sheets.

37
00:02:06,740 --> 00:02:08,400
Right, that are relevant, so you can see.

38
00:02:08,600 --> 00:02:13,310
All right, here's a cheat sheet for SQL injection prevention, so you can control-click that, and when

39
00:02:13,310 --> 00:02:17,570
it opens up, you'll have a nice, you know, little cheat sheet about, you know, preventing this

40
00:02:17,570 --> 00:02:18,740
particular attack vector.

41
00:02:20,450 --> 00:02:24,950
Everything has a table of contents; it tells you, you know, OK, you need to parameterize your queries,

42
00:02:24,950 --> 00:02:29,420
you need to do, you know, input validation, you know, make sure you escape the queries properly,

43
00:02:29,660 --> 00:02:30,750
and it's all in here.
44
00:02:30,770 --> 00:02:32,840
So this is a treasure trove of information.

45
00:02:32,960 --> 00:02:37,490
You don't need to know the whole thing, but it's really important that you're just aware that this

46
00:02:37,490 --> 00:02:37,960
is here.

47
00:02:38,480 --> 00:02:41,390
OK, and then you can click, of course, broken authentication.

48
00:02:41,390 --> 00:02:42,350
You can go to the next one.

49
00:02:44,060 --> 00:02:49,340
Again, you can look at how exploitable it is, how easy it is for someone to exploit this, and what

50
00:02:49,340 --> 00:02:52,160
are some weaknesses, how easy is it to detect broken authentication?

51
00:02:53,110 --> 00:02:54,680
How can you tell if your application is vulnerable?

52
00:02:55,210 --> 00:02:56,450
Remember, we saw credential stuffing?

53
00:02:56,980 --> 00:02:59,620
Yeah, that's from the MITRE ATT&CK framework, right.

54
00:02:59,620 --> 00:03:03,970
So you can see that this permits automated attacks, such as credential stuffing, where the attacker has

55
00:03:03,970 --> 00:03:05,500
a list of usernames and passwords.

56
00:03:06,250 --> 00:03:06,520
Right.

57
00:03:06,520 --> 00:03:10,150
Because the authentication is broken, they might be able to use credentials that were leaked to the

58
00:03:10,150 --> 00:03:12,220
dark web to breach a web application.

59
00:03:13,700 --> 00:03:17,990
Tells you how to prevent. OK, says, hey, don't use a list of the top ten thousand worst passwords,

60
00:03:17,990 --> 00:03:18,260
right?

61
00:03:19,130 --> 00:03:21,920
I mean, that sounds like common sense, but there it is.

62
00:03:22,520 --> 00:03:24,520
And you have some scenarios, right?

63
00:03:24,580 --> 00:03:27,200
So, I mean, again, this is really, really awesome stuff.

64
00:03:27,680 --> 00:03:29,750
And you really need to make sure that you go through all this stuff.

65
00:03:29,780 --> 00:03:31,520
So this is kind of mandatory, guys.
66
00:03:32,120 --> 00:03:38,900
And you can't call yourself a respectable cybersecurity professional if you aren't aware of these particular

67
00:03:38,900 --> 00:03:42,120
security risks and you can't explain them to someone else.

68
00:03:42,350 --> 00:03:42,940
Exactly.

69
00:03:43,040 --> 00:03:43,420
Absolutely.

70
00:03:43,430 --> 00:03:44,030
Need to know this.

71
00:03:44,320 --> 00:03:45,650
Right, sensitive data exposure.

72
00:03:47,570 --> 00:03:52,990
No security misconfiguration, cross-site scripting, come on, cross-site scripting, SBB, insecure

73
00:03:52,990 --> 00:03:56,290
deserialization, so just take the time to click through these again, and don't feel bad.

74
00:03:56,290 --> 00:04:01,150
Don't feel like, you know, it all has to make sense the first time you read through

75
00:04:01,150 --> 00:04:03,820
it; you know, this stuff is going to go over your head in the beginning.

76
00:04:04,060 --> 00:04:05,800
I know it did for me when I was learning this stuff.

77
00:04:06,160 --> 00:04:09,520
But you just want to just kind of get in the habit of reading things even when it doesn't make sense,

78
00:04:09,520 --> 00:04:14,020
even when you're not comprehending everything, and just start to get a feel for what's out there, get

79
00:04:14,020 --> 00:04:16,210
a feel for some of the attacks that are happening.

80
00:04:16,540 --> 00:04:21,100
At the very least, I would say click through each of these and then just read the "Is the Application

81
00:04:21,100 --> 00:04:27,810
Vulnerable" section with the "How to Prevent" section, and then go down and read the example attack scenarios.

82
00:04:27,870 --> 00:04:29,770
That's all you need to do is read the three cubes.

83
00:04:31,970 --> 00:04:36,590
Is the application vulnerable, how to prevent, and example attack scenarios, and do that for each of

84
00:04:36,590 --> 00:04:38,840
the top 10, and then you're good to go.

85
00:04:39,650 --> 00:04:40,670
That's really all you need to know.
86
00:04:40,670 --> 00:04:43,370
But make sure, you know, you know it inside and out, and you'll be good.

87
00:04:44,160 --> 00:04:46,190
OK, so that's all we have here.

88
00:04:46,190 --> 00:04:48,510
In the next lecture, I'm going to talk about taking notes.

89
00:04:48,530 --> 00:04:51,730
I know it sounds boring, but it's important, because if you don't take notes,

90
00:04:52,010 --> 00:04:53,960
you're going to get lost and things are going to get complicated.

91
00:04:53,960 --> 00:04:57,950
And when it comes time to write a penetration testing report at the end of the engagement, it's

92
00:04:57,950 --> 00:04:58,640
not going to be great.

93
00:04:59,090 --> 00:04:59,290
Really?

94
00:04:59,350 --> 00:04:59,460
Really.

95
00:05:00,170 --> 00:05:02,480
The report is the only thing that matters when it comes to pentests.

96
00:05:02,630 --> 00:05:04,490
That's where you draw your value.

97
00:05:04,910 --> 00:05:07,710
So it's really, really important to learn the techniques.

98
00:05:07,880 --> 00:05:09,650
And so you really want to do so.

99
00:05:10,460 --> 00:05:15,530
So I'll see you guys in the next lecture; we'll dig into taking notes and staying organized.

100
00:05:16,010 --> 00:05:16,170
So.