Michael Sommer

Web Security

Web Security Academy

Web Cache Deception Lab 005

Web Cache Deception Lab 005
Web Cache Deception Lab 004

Web Cache Deception Lab 004
Web Cache Deception Lab 003

Web Cache Deception Lab 003
Web Cache Deception Lab 002

Web Cache Deception Lab 002
Web Cache Deception Lab 001

Web Cache Deception Lab 001
Race Condition Lab 006

Race Condition Lab 006
Race Condition Lab 005

Race Condition Lab 005
Race Condition Lab 004

Race Condition Lab 004
Race Condition Lab 003

Race Condition Lab 003
Race Condition Lab 002

Race Condition Lab 002
Race Condition Lab 001

Race Condition Lab 001
NoSQL Lab 004

NoSQL Lab 004
NoSQL Lab 003

NoSQL Lab 003
NoSQL Lab 002

NoSQL Lab 002
NoSQL Lab 001

NoSQL Lab 001
JWT Lab01

JWT Lab01
JWT Lab02

JWT Lab02
JWT Lab03

JWT Lab03
JWT Lab04

JWT Lab04
JWT Lab05

JWT Lab05
JWT Lab06

JWT Lab06
JWT Lab07

JWT Lab07
JWT Lab08

JWT Lab08
CSRF where token is duplicated in cookie (Audio, Explanations)

CSRF where token is duplicated in cookie (Audio, Explanations)
CSRF where token is duplicated in cookie (Audio, Comments)

CSRF where token is duplicated in cookie (Audio, Comments)
CSRF vulnerability with no defenses (Video solution, Audio)

CSRF vulnerability with no defenses (Video solution, Audio)
CSRF where token validation depends on request method (Video solution, Audio)

CSRF where token validation depends on request method (Video solution, Audio)
CSRF where token validation depends on token being present (Video solution, Audio)

CSRF where token validation depends on token being present (Video solution, Audio)
CSRF where token is not tied to user session (Video solution, Audio)

CSRF where token is not tied to user session (Video solution, Audio)
CSRF where Referer validation depends on header being present (Video solution, Audio)

CSRF where Referer validation depends on header being present (Video solution, Audio)