  • Getting Started - nVisium Secure Code Courses - Duration: 32 minutes.

    • 7 months ago
    • 222 views
    A tutorial on getting started and using nVisium's On Demand Training Platform
  • nVisium Webinar: Keeping Up (Modern Software Security) - Duration: 1 hour, 2 minutes.

    • 7 months ago
    • 84 views
    CEO and CTO, Jack Mannino and Ken Johnson, discuss modern security challenges and solutions around Microservices, Code as Infrastructure, and Cloud security.
  • nVisium Webinar SAMM v1 5 with Brian Glas - Duration: 33 minutes.

    • 9 months ago
    • 245 views
    Brian Glas, a managing consultant at nVisium, walks us through the OWASP SAMM project and how to build a mature security program at your organization.

    If you are interested in hearing more about n...
  • nVisium On-Demand Training Platform (Application Security) - Duration: 62 seconds.

    • 1 year ago
    • 472 views
    Our on-demand training platform is intended to replace antiquated application security training methods such as generic CBTs (computer-based training), where students watch videos and answer multip...
  • Java - Identify Cross-Site Request Forgery (CSRF) - Duration: 2 minutes, 50 seconds.

    • 1 year ago
    • 649 views
    This video is part of a training product developed by nVisium to test students in a real application on competency with secure coding concepts. It originates from our Java course and covers identif...
  • Java - Identify Command Injection - Duration: 3 minutes, 53 seconds.

    • 1 year ago
    • 228 views
    This video is part of a training product developed by nVisium to test students in a real application on competency with secure coding concepts. It originates from our Java course and covers mitigat...
  • Java Identify Using Components with Known Vulnerabilities - Duration: 3 minutes, 23 seconds.

    • 1 year ago
    • 106 views
    This video is part of a larger product developed by nVisium to test students in a real application on competency with secure coding concepts. It originates from our Java course and covers identifyi...
  • Java SQL Injection Mitigation - Duration: 3 minutes, 26 seconds.

    • 1 year ago
    • 337 views
    This video is part of a larger product developed by nVisium to test students in a real application on competency with secure coding concepts. It originates from our Java course and covers mitigatin...
  • Django Broken Authentication - Credential Storage - Duration: 2 minutes, 40 seconds.

    • 1 year ago
    • 127 views
    This video demonstrates upgrading the password hashing used by a Django application. We demonstrate fixing an application that uses a weak hashing algorithm (MD5). This video clip is a small sample...
  • Time Based Username Enumeration - Duration: 14 minutes.

    • 1 year ago
    • 179 views
    This tutorial is focused around demonstrating the enumeration of valid accounts on web sites leveraging time-based comparison code written by the video's author, John Poulin. We briefly describe th...
  • Grails Security Misconfiguration - Duration: 4 minutes, 36 seconds.

    • 1 year ago
    • 38 views
    In this tutorial, we discuss the Security Misconfiguration section of OWASP's Top 10 (A5). We provide tools for monitoring your environment and some basic checks for security misconfiguration in Gr...
  • Grails Insecure Direct Object Reference - Duration: 4 minutes, 50 seconds.

    • 1 year ago
    • 49 views
    This video demonstrates common ways in which Insecure Direct Object Reference (A4/IDOR) manifests within a Grails application. We demonstrate remediating IDOR flaws within Grails. This tutorial is p...
  • Grails XSS - Duration: 5 minutes, 31 seconds.

    • 1 year ago
    • 49 views
    This video demonstrates common ways in which Cross-Site Scripting (A3/XSS) manifests within a Grails application. We demonstrate remediating XSS flaws within Grails. This tutorial is part of the Gra...
  • Grails SQL Injection and Broken Auth/Session Mgmt. - Duration: 9 minutes, 15 seconds.

    • 1 year ago
    • 133 views
    This video demonstrates common Injection (A1) and Broken Authentication & Session Management (A2) flaws within a Grails application and shows remediating or mitigating these flaws. This tutorial is...
  • nVisium Webinar - AWS Security - Duration: 51 minutes.

    • 1 year ago
    • 216 views
    nVisium CTO, Ken Johnson, discusses his lessons learned and approach for hardening, monitoring, and disaster recovery as it applies to AWS Security.

    Slides available here: https://nvisium.com/docu...
  • Intro to Web Hacking 10 of 10 - Duration: 14 minutes.

    • 1 year ago
    • 217 views
    In this tutorial we cover Cross-Site Scripting (XSS) from manual and automated detection to exploitation and preventative measures.
  • Intro to Web Hacking 9 of 10 - Duration: 8 minutes, 45 seconds.

    • 1 year ago
    • 154 views
    In this tutorial we demonstrate and discuss business and functional logic flaws. We discuss how to identify functionality that might be vulnerable as well as how to exploit it.
  • Intro to Web Hacking 8 of 10 - Duration: 17 minutes.

    • 1 year ago
    • 183 views
    In this tutorial we demonstrate and discuss detection, exploitation, and prevention of SQL Injection. We show exactly what a SQL query looks like, how it works, how the vulnerable code is written, ...
  • Intro to Web Hacking 7 of 10 - Duration: 12 minutes.

    • 1 year ago
    • 239 views
    This video covers common access control weaknesses and how to assess these security controls as well as exploit them.

    We explain and demonstrate:

    Forceful Browsing
    Parameter Based Controls
    Non-UI ...
  • Intro to Web Hacking 6 of 10 - Duration: 16 minutes.

    • 1 year ago
    • 266 views
    This video covers common session management weaknesses and how to assess these security controls as well as exploiting them. We explain and demonstrate:

    Session Fixation
    Cookie Flags
    Session Termin...
  • Intro to Web Hacking 5 of 10 - Duration: 14 minutes.

    • 1 year ago
    • 300 views
    This video discusses common authentication weaknesses and how to assess these security controls as well as exploiting them. We explain and demonstrate:

    Username Enumeration
    Insecure Account Lockout...
  • Intro to Web Hacking 4 of 10 - Duration: 10 minutes.

    • 1 year ago
    • 450 views
    This video discusses Client-Side controls and how they play a part in vulnerability discovery and exploitation. We explain and demonstrate:

    Hidden Form Fields
    .NET ViewState
    JavaScript Controls
    Bur...
  • Intro to Web Hacking 3 of 10 - Duration: 9 minutes, 34 seconds.

    • 1 year ago
    • 415 views
    This is the third episode in our Intro to Web Hacking series. This tutorial covers basic techniques for mapping an application's attack surface. We discuss the purpose of performing mapping & enume...
  • Intro to Web Hacking 2 of 10 - Duration: 14 minutes.

    • 1 year ago
    • 467 views
    This is the second video in our "Intro to Web Hacking" series. We cover fundamental aspects of the web that a viewer will need in order to be proficient at web hacking.

    In this video we explain an...
  • Intro to Web Hacking 1 of 10 - Duration: 10 minutes.

    • 1 year ago
    • 1,389 views
    This tutorial is Part 1 of our "Introduction to Web Hacking" series and is intended for absolute beginners. In this tutorial, we discuss the basics of HTTP Requests & Responses, explain the Documen...
  • Swift Security - Duration: 9 minutes, 20 seconds.

    • 1 year ago
    • 142 views
    In this tutorial, we demonstrate two of the OWASP Mobile Top 10 categories: Insecure Data Storage and Unintended Data Leakage. We show how these flaws manifest in a Swift application. Seth Law, the...
  • intro to burp extender jython - Duration: 13 minutes.

    • 1 year ago
    • 1,038 views
    In this episode, we show building two Burp extensions in Python. One plugin is a simple "hello world" style plugin with explanations. The second plugin creates an additional tab at the HTTP message...
  • Django SQL Injection - Duration: 8 minutes, 56 seconds.

    • 1 year ago
    • 1,433 views
    This video demonstrates common ways in which Injection issues manifest within a Django application. We demonstrate remediating Injection flaws within Django. This video clip is a small sample deriv...
  • Django Cross-Site Scripting (XSS) - Duration: 5 minutes, 54 seconds.

    • 1 year ago
    • 654 views
    This video demonstrates common ways in which Cross-Site Scripting (OWASP A3/XSS) manifests within a Django application. We demonstrate remediating XSS flaws within Django. This video clip is a small...
  • Node.js + Passport.js + Sequelize.js - Duration: 12 minutes.

    • 1 year ago
    • 16,734 views
    In this tutorial we show implementing Sequelize with Passport.js in a Node.js/Express.js application. The purpose of this tutorial is to show the basics of hashing a user's password, Sequelize vali...
  • Rails Security Misconfiguration - Duration: 7 minutes, 17 seconds.

    • 1 year ago
    • 111 views
    This tutorial covers common security misconfigurations in Ruby on Rails applications as well as prevention and is listed as OWASP's A5 category. We demonstrate the use of tools to detect outdated s...
  • Rails Injection - Duration: 13 minutes.

    • 1 year ago
    • 227 views
    This tutorial explains common ways in which SQL Injection and Command Injection (A1) manifest within a Ruby on Rails application. We demonstrate both impact and remediation and provide helpful reso...
  • Rails Session Management - Duration: 16 minutes.

    • 1 year ago
    • 1,295 views
    This tutorial covers session related weaknesses and is part 1 of a 2 part tutorial on OWASP's A2 category. We demonstrate session fixation weaknesses and provide the resolution, thoroughly explain ...
  • Rails Broken Authentication - Duration: 16 minutes.

    • 1 year ago
    • 65 views
    This tutorial covers authentication weaknesses and is part 2 of a 2 part tutorial on OWASP's A2 category. We discuss and demonstrate password complexity weaknesses, username enumeration, brute-forc...
  • Rails Cross-Site Scripting (XSS) - Duration: 12 minutes.

    • 1 year ago
    • 238 views
    This video demonstrates common ways in which Cross-Site Scripting (A3/XSS) manifests within a Ruby on Rails application. We demonstrate remediating XSS flaws within Ruby on Rails. This tutorial is p...
  • Rails Insecure Direct Object Reference - Duration: 8 minutes, 16 seconds.

    • 1 year ago
    • 113 views
    In this tutorial, we cover Insecure Direct Object Reference (IDOR) weaknesses and how they manifest in Ruby on Rails. We show preventive measures that can be taken and demonstrate how the attack oc...
  • Rails Sensitive Data Exposure - Duration: 13 minutes.

    • 1 year ago
    • 179 views
    This tutorial discusses Sensitive Data Exposure in Ruby on Rails applications as well as prevention and is listed as OWASP's A6 category. We demonstrate implementing encryption, hashing passwords u...
  • Rails Missing Function Level Access Control - Duration: 9 minutes, 3 seconds.

    • 1 year ago
    • 104 views
    This tutorial discusses Missing Function Level Access Control and how it occurs in Rails applications. This category of weakness is listed as OWASP's A7 category. We demonstrate weaknesses in acces...
  • Rails Cross-Site Request Forgery (CSRF) - Duration: 12 minutes.

    • 1 year ago
    • 360 views
    This tutorial discusses Cross-Site Request Forgery (CSRF), Rails anti-CSRF mechanisms, common mistakes in Rails applications, as well as a demonstration of the attack.
  • Rails Using Known Vulnerable Components - Duration: 4 minutes, 4 seconds.

    • 1 year ago
    • 46 views
    In this tutorial we discuss how the A9 category affects Rails applications and show tools to prevent these problems in your application.
  • Rails Unvalidated Redirects and Forwards - Duration: 5 minutes, 41 seconds.

    • 1 year ago
    • 85 views
    In this video we discuss OWASP's A10 category, Unvalidated Redirects and Forwards. We provide a description of the issue, demonstrate the attack, and provide several solutions.
  • Security in Agile/DevOps Environments - Duration: 53 minutes.

    • 1 year ago
    • 41 views
    James Wickett, Matt Tesauro, Jimmy Mesta, and Justin Collins discuss building security into modern development environments.
  • IoT & Wearables Security - Duration: 58 minutes.

    • 1 year ago
    • 26 views
    nVisium's VP of Solutions, David Lindner, discusses security issues around wearable technology.
  • Beyond the Pentest: Evolving Security Landscape - Duration: 49 minutes.

    • 1 year ago
    • 64 views
    Q&A with security industry experts Rob Fuller, Chris Gates, Robin Wood, and Seth Law. In this episode our special guests answer questions from our audience members about such things as public inter...
  • Top 3 Rails Security Issues - Duration: 40 minutes.

    • 1 year ago
    • 76 views
    nVisium's CTO, Ken Johnson, discusses nVisium's Top 3 Ruby on Rails application security issues.
  • Exploring Obscure Web App Vulnerabilities - Duration: 1 hour, 30 minutes.

    • 1 year ago
    • 110 views
    nVisium's Managing Consultant, Tim Tomes, discusses obscure web application vulnerabilities.
  • Android Lollipop Security - Duration: 25 minutes.

    • 1 year ago
    • 32 views
    nVisium's CEO, Jack Mannino, discusses Android's Lollipop security.
  • xssValidator Training - Duration: 12 minutes.

    • 3 years ago
    • 3,655 views
    John Poulin demonstrates leveraging nVisium's open source tool "xssValidator" using PhantomJS and SlimerJS with Burp Suite in order to detect and confirm XSS. For similar free training videos visit...
  • Intro to Burp Suite - Duration: 12 minutes.

    • 3 years ago
    • 1,675 views
    This tutorial provides an introduction to configuring and using Burp Suite. We leverage a free version of Burp (1.6) in order to show basic options that a tester would want to incorporate into thei...
  • Intro to Burp Extender (Java) - Duration: 13 minutes.

    • 3 years ago
    • 2,194 views
    This video provides the basics of using Burp Suite's Extender functionality with Java. For similar free training videos visit https://seccasts.com/ and make an account!