Next, I want us to discuss cookie visibility and to see how easy it is to steal browser cookies. When you set a cookie to be stored in a user's browser, that cookie data is visible to users. In many browsers, a user can go into the preferences area and inspect their cookies. I've noticed recently that some browsers have decided to make that process harder, but older versions still make it very easy. You have to assume that any cookie data that you set is visible to users. Cookies can also be stolen using cross-site scripting attacks.

We've already learned how cross-site scripting can put JavaScript on a page to be executed. All a hacker has to do is to tell that custom JavaScript to get your cookie data and to send it to a URL that they control. It works something like this: by calling document.cookie, they can access that cookie data and then send it to their URL. Cookies can also be sniffed by observing network traffic. In the last movie we saw what an HTTP request header looks like. The cookie information was visible…
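As an added example (not code from the course), a small Node.js audit that looks at this lesson's two exposures from the defender's side: it checks Set-Cookie headers for the HttpOnly flag, which keeps a cookie out of document.cookie and so away from injected script, and for the Secure flag, which keeps it off plain-HTTP requests where a sniffer could read it. The cookie names, values and the SameSite attribute are assumptions, not values from the course.

```javascript
// Added example, not from the course. Audits Set-Cookie headers for the two
// exposures described in the lesson: a cookie without HttpOnly is readable via
// document.cookie (so script injected by XSS can read it); a cookie without
// Secure travels in clear-text HTTP request headers (so it can be sniffed).

// Parse one Set-Cookie header value into { name, value, attrs }.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const name = eq === -1 ? pair : pair.slice(0, eq);
  const value = eq === -1 ? '' : pair.slice(eq + 1);
  const attrs = {};
  for (const part of rest) {
    if (!part) continue;
    const i = part.indexOf('=');
    const key = (i === -1 ? part : part.slice(0, i)).toLowerCase();
    attrs[key] = i === -1 ? true : part.slice(i + 1);
  }
  return { name, value, attrs };
}

// Return a list of findings; an empty list means both flags are present.
function auditSetCookie(header) {
  const { name, attrs } = parseSetCookie(header);
  const findings = [];
  if (!attrs.httponly) {
    findings.push(`${name}: no HttpOnly flag, readable through document.cookie`);
  }
  if (!attrs.secure) {
    findings.push(`${name}: no Secure flag, sent in clear-text HTTP request headers`);
  }
  return findings;
}

// The names document.cookie would expose: only cookies set without HttpOnly.
function visibleToScript(headers) {
  return headers.map(parseSetCookie).filter((c) => !c.attrs.httponly).map((c) => c.name);
}

// Build a hardened session cookie; SameSite=Lax is an assumption beyond the lesson.
function buildSessionCookie(name, value) {
  return `${name}=${encodeURIComponent(value)}; Path=/; Secure; HttpOnly; SameSite=Lax`;
}

// Constructed sample headers (names and values are made up).
const weakCookie = 'sessionid=abc123; Path=/';
const hardenedCookie = buildSessionCookie('sessionid', 'abc123');
console.log(auditSetCookie(weakCookie));      // two findings
console.log(auditSetCookie(hardenedCookie));  // []
console.log(visibleToScript([weakCookie, 'theme=dark; Path=/', hardenedCookie]));
```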
Released: 2/19/2014

This course is great for developers who want to secure their clients' websites, and for anyone else who wants to learn more about web security.
- Why security matters
- What is a hacker?
- How to write a security policy
- Cross-site scripting (XSS)
- Cross-site request forgery (CSRF)
- SQL injection
- Session hijacking and fixation
- Passwords and encryption
- Secure credit card payments
Skill level: Beginner
Course contents:

Introduction
- Introduction (49s)

1. Security Overview
- What is security? (2m 26s)
- Why security matters (4m 14s)
- What is a hacker? (6m 4s)
- Get in the security mind-set (3m 19s)
- Write a security policy (3m 25s)

2. General Security Principles
- Least privilege (3m 53s)
- Simple is more secure (2m 35s)
- Never trust users (3m 23s)
- Expect the unexpected (1m 53s)
- Defense in depth (2m 30s)
- Security through obscurity (2m 41s)

3. Filtering Input, Controlling Output
- Regulating requests (2m 37s)
- Validating input (7m 15s)
- Sanitizing data (7m 35s)
- Labeling variables (2m 15s)
- Keeping code private (4m 16s)
- Keeping credentials private (5m 46s)
- Keeping error messages vague (2m 34s)
- Smart logging (5m 42s)

4. The Most Common Attacks
- Cross-site scripting (XSS) (4m 54s)
- SQL injection (6m 33s)
- URL manipulation (5m 33s)
- Faked requests and forms (5m 16s)
- Cookie visibility and theft (3m 49s)
- Session hijacking (6m 22s)
- Session fixation (3m 4s)
- Remote system execution (3m 6s)
- File-upload abuse (2m 20s)
- Denial of service (5m 28s)

5. Encryption and User Authentication
- Password encryption (4m 12s)
- Salting passwords (5m 33s)
- Password requirements (3m 18s)
- Brute-force attacks (8m 32s)
- Using SSL for login (5m 9s)
- Protecting cookies (2m 33s)
- Regulating access privileges (4m 11s)
- Handling forgotten passwords (5m 59s)
- Multi-factor authentication (6m 15s)

6. Other Areas of Concern
- Credit card payments (5m 36s)
- Regular expression flaws (5m 2s)
- Buffer overflows (2m 30s)
- Source code managers (5m 9s)
- Database security (4m 58s)
- Server security (4m 45s)

Conclusion
- Goodbye (46s)
Video: Cookie visibility and theft