
Join One Month Web Security, a month of web security immersion in which John and Chris explore hacking techniques on a Rails app, reveal hacking tools, and teach practical tricks to protect companies.
Explore a Rails-based payroll and HR app, its logins and dashboards, and the sensitive data it holds, such as Social Security numbers and bank details, then review its controllers, API, and local vulnerabilities.
Understand legal disclaimers when studying hacking and web vulnerabilities. Test only with explicit permission, on your own sites or authorized targets, to avoid trouble.
Learn how proxies sit between your browser and web servers, intercept and modify requests and responses, and enable hands-on security testing by setting up proxy software on your local computer.
Learn how ports designate different services on a server, from port 80 for web traffic to port 443 for HTTPS, and how localhost:3000 can present an entry point for hackers.
Learn how web proxies intercept browser requests and responses, using Burp Proxy to view and modify traffic, with a setup between the browser and a local Rails server.
Explore HTTP requests and responses through a proxy using Burp, focusing on the GET and POST methods, HTTP status codes, headers, cookies, and login/logout flows.
Learn the basics of encoding web data, including HTML encoding to prevent script execution and URL encoding to create safe browser links, ensuring proper display and security.
Explore brute forcing as a hacking technique, where attackers try many password combinations and probe directories and hidden pages to gain access, and learn how automated tools test credentials.
Explore how attackers evaluate a login page, identify usernames as email addresses, and brute-force passwords using hints and baby-name lists, plus automation strategies.
Explore how attackers use the theHarvester tool to collect emails, usernames, and domain data from sources such as Google, Bing, and LinkedIn, and discuss the implications for web security and defense strategies.
Explore how to use automated brute force to test usernames derived from real name lists, relying on login error messages to distinguish valid accounts.
Fix login error handling by replacing specific messages with a generic 'incorrect username or password' message, preventing attackers from distinguishing valid usernames or passwords during authentication.
Enforce strong passwords with a format validator and a regular expression requiring at least six characters, one digit, one lowercase, one uppercase, and one special character.
Protect your app with the rack-attack gem by throttling requests and whitelisting and blacklisting, configuring the middleware and an initializer to block brute-force attempts on the login page.
Demonstrate how logging in as a normal user and modifying query string parameters can access other users' data, exposing vulnerabilities and unauthorized access to personal information.
Identify and fix a security flaw by replacing query string user_id lookups with the current user from the session, and audit controllers to prevent data leakage.
Identify a security hole where the app trusts a user id from the query string rather than the logged-in user, risking access to other users' data, and use code search to audit for the same pattern elsewhere.
Explore how attackers discover hidden admin pages by guessing URLs and evaluating error messages, and see how directory brute-forcing tools like DirBuster speed up the process.
Automate directory discovery with DirBuster to brute force server folders and reveal an admin dashboard, highlighting the need for proper page authorization.
Examine how a before filter and a user-controlled admin parameter in the query string can bypass admin access, and fix by enforcing the before filter and removing the parameter check.
Explain cross-site scripting, where injected JavaScript runs from user input on pages, and learn to prevent it by encoding input and using safe rendering.
Explore how untrusted data enables cross-site scripting (XSS) by injecting JavaScript into a profile page, risking session hijacking, defacement, and redirects through improper encoding and html_safe usage.
Explore the BeEF hacking tool for cross-site scripting demonstrations, including its hook JavaScript, control panel, and browser compromise capabilities, demonstrated on a local Rails setup.
Jon and Chris break down SQL injection, showing how crafted input can alter database queries and bypass login checks to reveal sensitive data such as Social Security numbers.
Explore SQL basics, including SELECT and WHERE clauses, and see how Rails Active Record translates Ruby queries into database queries via the Rails console.
Identify SQL injection vulnerabilities by manually testing queries with crafted inputs in Burp, observing server errors such as a 500 status, an ActiveRecord SQL exception, and 'unrecognized token' in SELECT queries.
Demonstrate using sqlmap to test a SQL injection point, enumerate databases and tables in SQLite, extract user data and SSNs, and discuss handling cookies and redirections.
Convert from dynamic SQL to parameterized SQL to prevent SQL injection, using a question-mark placeholder and bound parameters so that user input cannot alter the query structure.
Store secrets outside of code and configuration files to prevent exposure in repos. Use environment variables and .gitignore to keep keys like secret_key_base and passwords safe.
Discover how Rails stores secret information with password hashes and MD5, how login authenticates via a one-way hash, and how SQL injection can expose the hashes.
Learn to crack password hashes using John the Ripper with the jumbo-7 patch, the raw-md5 format, and a large word list to test passwords against the hashes.
Learn how MD5 weakens password security and how to replace it with bcrypt, add per-user salts, and migrate the database to store password_hash and password_salt.
Encrypt all sensitive data stored in the database and backups, ensure only authorized users can decrypt, and use strong algorithms with secure key management.
Explore how the code encrypts and decrypts Social Security numbers with the OpenSSL library, using a 256-bit cipher and per-user initialization vectors.
Before saving, encrypt the SSN to avoid clear text in the database, and store the key in a config file or environment variable for production and development.
Mask Social Security numbers and encrypt sensitive data by updating the view and model, using a helper for masking, key management with a random initialization vector, and demo seeds.
Explore how command injection lets attackers run arbitrary system commands by injecting user-supplied data into server commands during file uploads, with a Rails example highlighting insecure backups and execution.
Demonstrate securing file operations by replacing a vulnerable system shell copy with a safe file copy via FileUtils, and explain parameterized system commands to prevent injection.
Explore what an API is and how websites and programs query one to retrieve data, using curl with the simple One Month website API and the Twitter API.
Explore accessing models via an API, test endpoints with curl using tokens, and learn to minimize data by returning only essential fields such as id, admin flag, email, and names.
Use a JSON method to limit the fields returned in API responses, returning only id, email, first name, and last name while omitting the password and the auth token.
Demonstrate cross-site request forgery by showing how an attacker tricks a logged-in user to make a valid request, using the browser's cookies to trigger actions.
Learn how cross-site request forgery exploits authenticated sessions by exploiting cookies and predictable HTTP requests, demonstrated with a vacation calendar to show how a forged POST can succeed.
Explore how a cross-site request forgery attack uses an HTML form and cookies to perform actions on behalf of an authenticated user, demonstrated through a hands-on, real-life simulation.
Explore how a CSRF attack leverages a logged-in user's cookies to forge requests, with a 2007 Gmail example where attachments are forwarded to an attacker.
Learn how Rails protects against cross-site request forgery by using an authenticity token tied to the user session and inserted via CSRF meta tags, preventing forged requests.
By the end of One Month Web Security, you will be able to review your own applications for security issues and ensure the code is properly hardened against malicious attacks. You will also be able to design new applications with security in mind, significantly lowering the risk and cost associated with deploying new applications.