6005-CEM Security

Introduction

6005-CEM Security

Home
Module Information
Module Information
- Module Guide
- About these Docs
Assesment
Assesment
Week 1 Introduction
Week 1 Introduction
- Materials
  Materials
- Online Lecture
  Online Lecture
  - Lecture
  - Task
- On Campus
  On Campus
  - Part1
- Extra
  Extra
  - BFF Part 1
Week 2 Legal Factors
Week 2 Legal Factors
- Materials
  Materials
- Online Lecture
  Online Lecture
  - Lecture
  - Task
- On Campus
  On Campus
  - Lab Session
Week 3 Secure Design and Infrastructure
Week 3 Secure Design and Infrastructure
- Materials
  Materials
- Online Lectures
  Online Lectures
  - Lecture
- On Campus
  On Campus
  - Lab Session 1
Week 4 On Campus Lab
Week 4 Cryptography
Week 4 Cryptography
- Materials
  Materials
- Online Lectures
  Online Lectures
  - Lecture
- On Campus Lab Session
  On Campus Lab Session
  - Using Hashes
Week 5 Cryptography
Week 5 Cryptography
- Materials
  Materials
- On Campus Lab Session
  On Campus Lab Session
  - Chat Client
Week 6 Common Vulnerblitlites and Audit
Week 6 Common Vulnerblitlites and Audit
- Materials
  Materials
Week 7 HTTP and SQL Injection
Week 7 HTTP and SQL Injection
- Materials
  Materials
  - Introduction
  - Recap
    Recap
    
    HTTP
    
    Requests
  - Tools To Automate Requests
  - Storing State in HTTP
  - SQL And Injection
  - SQL Injection
  - Database Enumeration
  - Blind SQL Injecton
- Live Lab Session
  Live Lab Session
Week 8 Shells and XSS
Week 8 Shells and XSS
- Materials
  Materials
- Live Lab Session
  Live Lab Session
  - Lab Task
Week 9 RCE
Week 9 RCE
- Materials
  Materials
- Lab Tasks
Week 10 Deserialisation and NoSQL
Week 10 Deserialisation and NoSQL
- Materials
  Materials
- Activities
Week 11 Overflows
Week 11 Overflows
- Materials
  Materials
- Extra
  Extra
  - Detailed Stack Walkthrough
- Activities
  Activities
  - Overflows Lab
Tools and Cheatsheets
Tools and Cheatsheets

Insecure Deserialization and No SQL injection

This week we are going to look at our final two web related topics

Insecure Deserialization
No SQL Injection

Insecure deserialization is another of the OWASP Top 10 Vulnerabilities Its commonly found in systems where data is encoded and passed between components. The consequences of insecure deserialization can be severe, with RCE or information leakage a high probability

We will also look at NoSQL injection. Like its more famous cousin SQL Injection, this is where a user is able to inject statements into database queries, and modify the types of data returned. Its also related to the insecure deserialization problem, as it depends on the way the database engine handles data passed in as part of the query.