Web Application Security - 8 Hrs
Hours of Content: 8
Instructor: Loony Corn
- A basic understanding of how the web browser, rendering, headers, cookies and sessions
Coat your website with armor, protect yourself against the most common threats and vulnerabilities. Understand, with examples, how common security attacks work and how to mitigate them. Learn secure practices to keep your website users safe.
Let's parse that.
- How do common security attacks work? This course walks you through an entire range of web application security attacks, XSS, XSRF, Session Hijacking, Direct Object Reference and a whole lot more.
- How do we mitigate them?: Mitigating security risks is a web developer's core job. Learn by example how you can prevent script injection, use secure tokens to mitigate XSRF, manage sessions and cookies, sanitize and validate input, manage credentials safely using hashing and encryption etc.
- What secure practices to follow?: See what modern browsers have to offer for protection and risk mitigation, how you can limit the surface area you expose in your site.
What's included in this course:
- Security attacks such as Cross Site Scripting, Session Hijacking, Credential Management, Cross Site Request Forgery, SQL Injection, Direct Object Reference, Social Engineering
- Risk mitigation using the Content Security Policy Header, user input validation and sanitization, secure token validation, sandboxed iframes, secure sessions and expiry, password recovery
- Web security basics: Two-factor authentication, Open Web Application Security Project,
Using discussion forums
Please use the discussion forums on this course to engage with other students and to help each other out. Unfortunately, much as we would like to, it is not possible for us at Loonycorn to respond to individual questions from students:-(
We're super small and self-funded with only 2 people developing technical video content. Our mission is to make high-quality courses available at super low prices.
The only way to keep our prices this low is to *NOT offer additional technical support over email or in-person*. The truth is, direct support is hugely expensive and just does not scale.
We understand that this is not ideal and that a lot of students might benefit from this additional support. Hiring resources for additional support would make our offering much more expensive, thus defeating our original purpose.
It is a hard trade-off.
Thank you for your patience and understanding!
Who is the target audience?
- Yep! Students who have some experience in web programming and understand basic browser concepts
- Nope! Students who are beginners and have never done any web programming.