Web Security for Developers
The web is a great software delivery platform, making your software available to users around the world with zero installation and easily deployed updates. Unfortunately, it also exposes you to an army of adversaries - some human, some bot - who have darker goals: to cause loss to your data or reputation, subvert your resources for their own gain or attack your user base.
This course helps you to develop a security-oriented mindset. It explores the way the web works, so you have a way to understand how various vulnerabilities arise. Then, with those foundations laid, it covers a range of common and less common vulnerabilities, how an attack based on them would be constructed, and how you can recognize and defend against them.
Target audience
This course is aimed at web developers.
Prerequisites
You should have basic web development experience.
What you will learn
Introduction
- The reality
- What might an attacker want?
- Social Engineering
HTTPS
- Man-in-the-middle attacks
- Certificates
- Certificate pinning
- Securing cookies
- HTTP Strict Transport Security header
Encoding
- Character encoding
- Unicode
- Encoding
Cross Site Scripting
- Stored XSS
- Reflected XSS
- DOM Based XSS
- XSS Preventions
Content Security Policy
- Headers and directives
- CSP Reporting
Cross site request forgery (CSRF)
- CSRF Prevention
- Synchronizer Token Pattern
- Double Submit Cookies
Securing your cookies
- Cookie security-oriented
- Same-site cookies
CORS
- Origins
- Same-Origin Policy
- Cross-Origin Resource Sharing
Injections
- SQL Injections
- File path injections
Authentication & Authorization
- Securing the login form
- Securing the session
- Multi-factor authentication
Denial-of-Service (DoS) attacks
- Network attacks
- Application level attacks
- Regular Expression attacks
- XML DoS attacks
- Decompression bombs
Password management
- Secure password storage
- Hashing
- Salt and pepper
Information leakage
- Error handling
- Source control leaks
- SQL Timing attacks
- Login timing attacks
- Response header leakage
- Search engine leakage
- Server leaks
Attacking and securing our site
- Hacking tools
- Penetration testing
- Hack yourself
- How to make a secure site
- Secure development process