Free Download Attacking MCP Servers and AI Apps A Practical Course
Published 1/2026
MP4 | Video: h264, 1920x1080 | Audio: AAC, 44.1 KHz
Language: English | Size: 422.51 MB | Duration: 1h 12m
Exploiting and defending MCP servers, the backbone of AI Agents. No prior knowledge required. All labs are in Docker.
What you'll learn
Understand the problem that MCP solves.
Build MCP servers in Python with tools, resources, and prompts using FastMCP SDK
Exploit common vulnerabilities on MCP (SSRF, confused deputy, prompt injection)
Test your skills with bonus exercises covering directory traversal, command injection, and internal endpoint bypass
Requirements
Basic Python skills
Description
Companies rush to integrate MCP servers into their AI infrastructure, a new attack surface is emerging - and most developers are building vulnerable systems without realizing it.This hands-on course takes you from zero MCP knowledge to confidently building and attacking MCP servers. Whether you're a developer securing AI systems or a security professional hunting for vulnerabilities, this course gives you the practical skills you need.No complex setup required - all labs run in Docker containers with step-by-step guidance. Join thousands of students already learning to secure the next generation of AI infrastructure.In Section 1, you'll build a solid foundation by creating your first MCP server in Python using the FastMCP SDK. You'll understand the client-server architecture, learn the difference between local and remote MCP servers, and integrate your server with Claude Desktop. By the end, you'll know how to expose tools, resources, and prompts to AI models - and more importantly, you'll understand where things can go wrong.In Section 2, you shift to an attacker's mindset. Through practical labs running in Docker, you'll exploit real vulnerabilities including: - Server-Side Request Forgery (SSRF) - Abuse URL fetching tools to access internal resources, and bypass common protections using redirect chains - Confused Deputy attacks - Exploit broken authorization when MCP servers have overly broad access to backend services - Prompt Injection - Manipulate AI-generated SQL queries to access unauthorized data, with a real-world case study of Google Antigravity credential exfiltration - Directory Traversal and Information Disclosure - Extract sensitive files through misconfigured MCP resources.
Security Engineers, Software Engineers,Bug Bounty Hunters, Penetration Testers
Homepage
Code:
Bitte
Anmelden
oder
Registrieren
um Code Inhalt zu sehen!
Recommend Download Link Hight Speed | Please Say Thanks Keep Topic Live
Code:
Bitte
Anmelden
oder
Registrieren
um Code Inhalt zu sehen!
