  • Getting Started - nVisium Secure Code Courses - Duration: 32 minutes.

    • 4 months ago
    • 159 views
    A tutorial on getting started and using nVisium's On Demand Training Platform
  • nVisium Webinar: Keeping Up (Modern Software Security) - Duration: 1 hour, 2 minutes.

    • 4 months ago
    • 72 views
    CEO and CTO, Jack Mannino and Ken Johnson, discuss modern security challenges and solutions around Microservices, Code as Infrastructure, and Cloud security.
  • nVisium Webinar SAMM v1 5 with Brian Glas - Duration: 33 minutes.

    • 6 months ago
    • 175 views
    Brian Glas, a managing consultant at nVisium, walks us through the OWASP SAMM project and how to build a mature security program at your organization.

    If you are interested in hearing more about n...
  • nVisium On-Demand Training Platform (Application Security) - Duration: 62 seconds.

    • 10 months ago
    • 436 views
    Our on-demand training platform is intended to replace antiquated application security training methods such as generic CBTs (computer-based training), where students watch videos and answer multip...
  • Java - Identify Cross-Site Request Forgery (CSRF) - Duration: 2 minutes, 50 seconds.

    • 11 months ago
    • 490 views
    This video is part of a training product developed by nVisium to test students in a real application on competency with secure coding concepts. It originates from our Java course and covers identif...
  • Java - Identify Command Injection - Duration: 3 minutes, 53 seconds.

    • 1 year ago
    • 180 views
    This video is part of a training product developed by nVisium to test students in a real application on competency with secure coding concepts. It originates from our Java course and covers mitigat...
  • Java Identify Using Components with Known Vulnerabilities - Duration: 3 minutes, 23 seconds.

    • 1 year ago
    • 87 views
    This video is part of a larger product developed by nVisium to test students in a real application on competency with secure coding concepts. It originates from our Java course and covers identifyi...
  • Java SQL Injection Mitigation - Duration: 3 minutes, 26 seconds.

    • 1 year ago
    • 238 views
    This video is part of a larger product developed by nVisium to test students in a real application on competency with secure coding concepts. It originates from our Java course and covers mitigatin...
  • Django Broken Authentication - Credential Storage - Duration: 2 minutes, 40 seconds.

    • 1 year ago
    • 115 views
    This video demonstrates upgrading the password hashing used by a Django application. We demonstrate fixing an application that uses a weak hashing algorithm (MD5). This video clip is a small sample...
  • Time Based Username Enumeration - Duration: 14 minutes.

    • 1 year ago
    • 153 views
    This tutorial is focused around demonstrating the enumeration of valid accounts on web sites leveraging time-based comparison code written by the video's author, John Poulin. We briefly describe th...
  • Grails Security Misconfiguration - Duration: 4 minutes, 36 seconds.

    • 1 year ago
    • 35 views
    In this tutorial, we discuss the Security Misconfiguration section of OWASP's Top 10 (A5). We provide tools for monitoring your environment and some basic checks for security misconfiguration in Gr...
  • Grails Insecure Direct Object Reference - Duration: 4 minutes, 50 seconds.

    • 1 year ago
    • 37 views
    This video demonstrates common ways in which Insecure Direct Object Reference (A4/IDOR) manifest within a Grails application. We demonstrate remediating IDOR flaws within Grails. This tutorial is p...
  • Grails XSS - Duration: 5 minutes, 31 seconds.

    • 1 year ago
    • 44 views
    This video demonstrates common ways in which Cross-Site Scripting (A3/XSS) manifest within a Grails application. We demonstrate remediating XSS flaws within Grails. This tutorial is part of the Gra...
  • Grails SQL Injection and Broken Auth/Session Mgmt. - Duration: 9 minutes, 15 seconds.

    • 1 year ago
    • 112 views
    This video demonstrates common Injection (A1) and Broken Authentication & Session Management (A2) flaws within a Grails application and shows remediating or mitigating these flaws. This tutorial is...
  • nVisium Webinar - AWS Security - Duration: 51 minutes.

    • 1 year ago
    • 206 views
    nVisium CTO, Ken Johnson, discusses his lessons learned and approach for hardening, monitoring, and disaster recovery as it applies to AWS Security.

    Slides available here: https://nvisium.com/docu...
  • Intro to Web Hacking 10 of 10 - Duration: 14 minutes.

    • 1 year ago
    • 187 views
    In this tutorial we cover Cross-Site Scripting (XSS) from manual and automated detection to exploitation and preventative measures.
  • Intro to Web Hacking 9 of 10 - Duration: 8 minutes, 45 seconds.

    • 1 year ago
    • 134 views
    In this tutorial we demonstrate and discuss business and functional logic flaws. We discuss how to identify functionality that might be vulnerable as well as how to exploit it.
  • Intro to Web Hacking 8 of 10 - Duration: 17 minutes.

    • 1 year ago
    • 149 views
    In this tutorial we demonstrate and discuss detection, exploitation, and prevention of SQL Injection. We show exactly what a SQL query looks like, how it works, how the vulnerable code is written, ...
  • Intro to Web Hacking 7 of 10 - Duration: 12 minutes.

    • 1 year ago
    • 196 views
    This video covers common access control weaknesses and how to assess these security controls as well as exploit them.

    We explain and demonstrate:

    Forceful Browsing
    Parameter Based Controls
    Non-UI ...
  • Intro to Web Hacking 6 of 10 - Duration: 16 minutes.

    • 1 year ago
    • 209 views
    This video covers common session management weaknesses and how to assess these security controls as well as exploiting them. We explain and demonstrate:

    Session Fixation
    Cookie Flags
    Session Termin...
  • Intro to Web Hacking 5 of 10 - Duration: 14 minutes.

    • 1 year ago
    • 240 views
    This video discusses common authentication weaknesses and how to assess these security controls as well as exploiting them. We explain and demonstrate:

    Username Enumeration
    Insecure Account Lockout...
  • Intro to Web Hacking 4 of 10 - Duration: 10 minutes.

    • 1 year ago
    • 347 views
    This video discusses client-side controls and how they play a part in vulnerability discovery and exploitation. We explain and demonstrate:

    Hidden Form Fields
    .NET ViewState
    JavaScript Controls
    Bur...
  • Intro to Web Hacking 3 of 10 - Duration: 9 minutes, 34 seconds.

    • 1 year ago
    • 333 views
    This is the third episode in our Intro to Web Hacking series. This tutorial covers basic techniques for mapping an application's attack surface. We discuss the purpose of performing mapping & enume...
  • Intro to Web Hacking 2 of 10 - Duration: 14 minutes.

    • 1 year ago
    • 360 views
    This is the second video in our "Intro to Web Hacking" series. We cover fundamental aspects of the web that a viewer will need in order to be proficient at web hacking.

    In this video we explain an...
  • Intro to Web Hacking 1 of 10 - Duration: 10 minutes.

    • 1 year ago
    • 1,052 views
    This tutorial is Part 1 of our "Introduction to Web Hacking" series and is intended for absolute beginners. In this tutorial, we discuss the basics of HTTP Requests & Responses, explain the Documen...
  • Swift Security - Duration: 9 minutes, 20 seconds.

    • 1 year ago
    • 109 views
    In this tutorial, we demonstrate two of the OWASP Mobile Top 10 categories: Insecure Data Storage and Unintended Data Leakage. We show how these flaws manifest in a Swift application. Seth Law, the...
  • intro to burp extender jython - Duration: 13 minutes.

    • 1 year ago
    • 796 views
    In this episode, we show building two Burp extensions in Python. One plugin is a simple "hello world" style plugin with explanations. The second plugin creates an additional tab at the HTTP message...
  • Django SQL Injection - Duration: 8 minutes, 56 seconds.

    • 1 year ago
    • 1,026 views
    This video demonstrates common ways in which Injection issues manifest within a Django application. We demonstrate remediating Injection flaws within Django. This video clip is a small sample deriv...
  • Django Cross-Site Scripting (XSS) - Duration: 5 minutes, 54 seconds.

    • 1 year ago
    • 461 views
    This video demonstrates common ways in which Cross-Site Scripting (OWASP A3/XSS) manifest within a Django application. We demonstrate remediating XSS flaws within Django. This video clip is a small...
  • Node.js + Passport.js + Sequelize.js - Duration: 12 minutes.

    • 1 year ago
    • 13,999 views
    In this tutorial we show implementing Sequelize with Passport.js in a Node.js/Express.js application. The purpose of this tutorial is to show the basics of hashing a user's password, Sequelize vali...
  • Rails Security Misconfiguration - Duration: 7 minutes, 17 seconds.

    • 1 year ago
    • 81 views
    This tutorial covers common security misconfigurations in Ruby on Rails applications as well as prevention and is listed as OWASP's A5 category. We demonstrate the use of tools to detect outdated s...
  • Rails Injection - Duration: 13 minutes.

    • 1 year ago
    • 187 views
    This tutorial explains common ways in which SQL Injection and Command Injection (A1) manifest within a Ruby on Rails application. We demonstrate both impact and remediation and provide helpful reso...
  • Rails Session Management - Duration: 16 minutes.

    • 1 year ago
    • 1,024 views
    This tutorial covers session related weaknesses and is part 1 of a 2 part tutorial on OWASP's A2 category. We demonstrate session fixation weaknesses and provide the resolution, thoroughly explain ...
  • Rails Broken Authentication - Duration: 16 minutes.

    • 1 year ago
    • 42 views
    This tutorial covers authentication weaknesses and is part 2 of a 2 part tutorial on OWASP's A2 category. We discuss and demonstrate password complexity weaknesses, username enumeration, brute-forc...
  • Rails Cross-Site Scripting (XSS) - Duration: 12 minutes.

    • 1 year ago
    • 183 views
    This video demonstrates common ways in which Cross-Site Scripting (A3/XSS) manifest within a Ruby on Rails application. We demonstrate remediating XSS flaws within Ruby on Rails. This tutorial is p...
  • Rails Insecure Direct Object Reference - Duration: 8 minutes, 16 seconds.

    • 1 year ago
    • 95 views
    In this tutorial, we cover Insecure Direct Object Reference (IDOR) weaknesses and how they manifest in Ruby on Rails. We show preventive measures that can be taken and demonstrate how the attack oc...
  • Rails Sensitive Data Exposure - Duration: 13 minutes.

    • 1 year ago
    • 146 views
    This tutorial discusses Sensitive Data Exposure in Ruby on Rails applications as well as prevention and is listed as OWASP's A6 category. We demonstrate implementing encryption, hashing passwords u...
  • Rails Missing Function Level Access Control - Duration: 9 minutes, 3 seconds.

    • 1 year ago
    • 88 views
    This tutorial discusses Missing Function Level Access Control and how it occurs in Rails applications. This category of weakness is listed as OWASP's A7 category. We demonstrate weaknesses in acces...
  • Rails Cross-Site Request Forgery (CSRF) - Duration: 12 minutes.

    • 1 year ago
    • 311 views
    This tutorial discusses Cross-Site Request Forgery (CSRF), Rails anti-CSRF mechanisms, common mistakes in Rails applications, as well as a demonstration of the attack.
  • Rails Using Known Vulnerable Components - Duration: 4 minutes, 4 seconds.

    • 1 year ago
    • 38 views
    In this tutorial we discuss how the A9 category affects Rails applications and show tools to prevent these problems in your application.
  • Rails Unvalidated Redirects and Forwards - Duration: 5 minutes, 41 seconds.

    • 1 year ago
    • 78 views
    In this video we discuss OWASP's A10 category, Unvalidated Redirects and Forwards. We provide a description of the issue, demonstrate the attack, and provide several solutions.
  • Security in Agile/DevOps Environments - Duration: 53 minutes.

    • 1 year ago
    • 39 views
    James Wickett, Matt Tesauro, Jimmy Mesta, and Justin Collins discuss building security into modern development environments.
  • IoT & Wearables Security - Duration: 58 minutes.

    • 1 year ago
    • 22 views
    nVisium's VP of Solutions, David Lindner, discusses security issues around wearable technology.
  • Beyond the Pentest: Evolving Security Landscape - Duration: 49 minutes.

    • 1 year ago
    • 60 views
    Q&A with security industry experts Rob Fuller, Chris Gates, Robin Wood, and Seth Law. In this episode our special guests answer questions from our audience members about such things as public inter...
  • Top 3 Rails Security Issues - Duration: 40 minutes.

    • 1 year ago
    • 75 views
    nVisium's CTO, Ken Johnson, discusses nVisium's Top 3 Ruby on Rails application security issues.
  • Exploring Obscure Web App Vulnerabilities - Duration: 1 hour, 30 minutes.

    • 1 year ago
    • 94 views
    nVisium's Managing Consultant, Tim Tomes, discusses obscure web application vulnerabilities.
  • Android Lollipop Security - Duration: 25 minutes.

    • 1 year ago
    • 29 views
    nVisium's CEO, Jack Mannino, discusses Android's Lollipop security.
  • xssValidator Training - Duration: 12 minutes.

    • 3 years ago
    • 3,185 views
    John Poulin demonstrates leveraging nVisium's open source tool "xssValidator" using PhantomJS and SlimerJS with Burp Suite in order to detect and confirm XSS. For similar free training videos visit...
  • Intro to Burp Suite - Duration: 12 minutes.

    • 3 years ago
    • 1,501 views
    This tutorial provides an introduction to configuring and using Burp Suite. We leverage a free version of Burp (1.6) in order to show basic options that a tester would want to incorporate into thei...
  • Intro to Burp Extender (Java) - Duration: 13 minutes.

    • 3 years ago
    • 1,909 views
    This video provides the basics of using Burp Suite's Extender functionality with Java. For similar free training videos visit https://seccasts.com/ and make an account!