Course areas
Web Security for Developers
Save 20 %

Watch this product and we will notify you once it is back in stock.

The product is now watched
We will notify you once the product is back in stock again.

Web Security for Developers

The course helps you to develop a security-oriented mindset. It explores the way the web works...

The web is a great software delivery platform, making your software available to users around the world with zero installation and easily deployed updates. Unfortunately, it also exposes you to an army of adversaries - some human, some bot - who have darker goals: to cause loss to your data or reputation, subvert your resources for their own gain or attack your user base. 


This course helps you to develop a security-oriented mindset. It explores the way the web works, so you have a way to understand how various vulnerabilities arise. Then, with those foundations laid, it covers a range of common and less common vulnerabilities, how an attack based on them would be constructed, and how you can recognize and defend against them.

Target audience

This course is aimed at web developers.

Prerequisites

You should have basic web development experience.

What you will learn

Introduction

  • The reality
  • What might an attacker want?
  • Social Engineering

HTTPS

  • What's wrong with HTTP?
  • Man-in-the-middle attacks
  • HTTP Strict Transport Security header

Certificates

  • Certificate failures
  • Certificate pinning
  • Lifetime
  • Lets Encrypt

Encoding

  • Character encoding
  • Unicode
  • Encoding (UTF-8, UTF-16...)

Cross Site Scripting

  • Stored XSS
  • Reflected XSS
  • DOM Based XSS
  • XSS Preventions

Content Security Policy

  • Headers and directives
  • CSP Reporting
  • CSP Nonce
  • CSP Validation

Cross site request forgery (CSRF)

  • CSRF Attack
  • CSRF Prevention

Securing your cookies

  • Cookie security
  • Same-site cookies

CORS

  • Origins
  • Same-Origin Policy
  • Cross-Origin Resource Sharing

Injections

  • SQL Injections
  • Blind injection attacks
  • File path injections

Authentication & Authorization

  • Securing the login-form
  • Securing the session
  • Multi factor authentication

Denial-of-Service (DoS) attacks

  • Network attacks
  • Application level attacks
  • XML DoS attacks
  • Decompression bombs

Password management

  • Secure password storage
  • Hashing
  • Salt and pepper
  • Password spraying

Information leakage

  • Error handling
  • Source control leaks
  • Response header leakage
  • Search engine leakage

Securing our dependencies

  • Supply-chain attacks
  • Subresource Integrity

Hack your self

  • Hack your own systems
  • Tools
  • Approach


Reviews

Product review Rating: 4 of 5 stars. Based on 15 ratings. Based on 15 ratings.

Click on a star to rate
You
Retrieve your Facebook profile.
  • Rating: 5 of 5 stars
    Perfect
    Webbsäkerhet för utvecklare ger många nya värdefulle insikter och borde vara ett minimum för alla inom webbutveckling.
  • Rating: 5 of 5 stars
    Perfect
    Bra upplägg på innehåll och mycket användbara kunskaper.
  • Rating: 5 of 5 stars
    Perfect
    Otroligt bra kurs och otroligt duktig lärare. Kanske lite för mycket (hur det nu kan vara något negativt... men ibland blev det lite fullt i huvudet och man började blanda ihop saker man lärt sig). 3 dagar skulle inte skada. Ibland lite stressigt och inte riktigt tid för diskussioner. Men, skulle jag vilja välja bort någon del? Svar Nej!
  • Rating: 5 of 5 stars
    Perfect
    Bra intro-kurs till Web-säkerhet, rekommenderar att gå kursen!
  • Rating: 4 of 5 stars
    Very good
    Bra tempo, bra med rasterna för att få sträcka på sig vid onlinekurs

JavaScript seem to be disabled in your browser.

You must have JavaScript enabled in your browser to utilize the functionality of this website.