In this video I’m going to show you all the most common web vulnerabilities. I’m going to explain the concept, show examples, and apply the exploit on the damn vulnerable website. This video is a great source for red teaming activities, penetration testing, or simply learning how to secure your web application.
#ethical_hacking #penetration_testing

Educational purposes only!

Chapters:
0:00 Intro
0:30 Mass Assignment
2:56 Cross-Site Scripting
3:54 Insecure Direct Object Reference
6:51 NoSQL Injection
8:46 Information Disclosure
9:46 Hidden API Functionality Exposure
11:11 Cross-Origin Resource Sharing Misonfiguration
13:31 SQL Injection
16:12 XML External Entity Injection (XXE)
18:09 Command Injection
20:16 XPATH Injection
22:57 Open Redirect
24:46 Path Traversal
26:11 Unsafe Deserialization
27:16 Sensitive Data Exposure
28:02 GraphQL Arbitrary File Write
29:05 GraphQL Batching Brute Force

Sources:

Vulnerable website shown in Demo
https://github.com/snoopysecurity/dvw...

Resources on all vulnearbilities
https://portswigger.net/web-security
https://cheatsheetseries.owasp.org/
https://knowledge-base.secureflag.com...
https://www.packetlabs.net/posts/cros...