Come watch as I implement exploits for some of the most common attacks in web software, and teach you how to defend against them.
Shout out to @LowLevelTV for inspiring me to make this episode. Software security is an incredibly important part of the software development process, yet highly overlooked and taken for granted. That is until customers lives get ruined, identities get stolen, all because you type '-' vs '=' . Literally a single character! I hope that you all can learn something from this and hopefully motivate you to dive deeper into software security. It's super cool, very important, and advances your career.
1:30 OWASP top 10 vulnerabilities list
3:05 AI explanation of cross site scripting
4:37 Project setup for site under test
6:02 Why I use express over bun built in libraries
6:30 Installing npm packages from privately hosted repository on homelab using bunfig
8:00 Implementing a web service with SwizzyWebService framework
11:50 I want to fix this naming
13:30 Create home page router
14:00 Controversial opinion on Javascript const, tell me I'm wrong!
15:06 Adding the ejs view engine and template
16:21 Wiring up web service to render the view
21:36 Wire up web service
21:45 Do imports ever need .ts?
22:40 Debug, fix bugs
25:05 Bugs fixed, website running
25:15 Runtime bug
27:50 Fixed bug
28:24 Explanation of in memory caching
29:43 Implementing the server side vulnerability
33:00 Implement xss on frontend template
36:25 Exploiting the vulnerability
37:30 PWND!
39:00 How to defend against this
41:28 Building the evil spy service
44:55 Overview of malicious service
49:55 Writing the malicious browser code
51:40 Demo of local storage
53:20 XMLHttpRequest (vanilla js)
1:02:20 Blocked by CORS!
1:14:00 Settling for a supply chain attack
1:22:00 The scary reality
1:26:50 Inspiration for my next project
Broadcasted live on Twitch -- Watch live at www.twitch.tv/wannawatchmecode