Programming Foundations: Web Security (2019)
2h 17mIntermediate2019-05-03
Authors

Kevin Skoglund
Founder of NovaFabrica
Course details
Learn about the most important security concerns when developing websites, and what you can do to keep your servers, software, and data safe from harm. Instructor Kevin Skoglund explains what motivates hackers and their most common methods of attacks, and then details the techniques and mindset needed to craft solutions for these web security challenges. Learn the eight fundamental principles that underlie all security efforts, the importance of filtering input and controlling output, and how to defend against the most common types of attack. This course is essential for developers who want to secure their websites, and for anyone else who wants to learn more about web security.
Learning objectives
Threat models
Least privilege
Defense in depth
Validating and sanitizing input
Credential attacks
SQL injection
Cross-site scripting
Learning objectives
Threat models
Least privilege
Defense in depth
Validating and sanitizing input
Credential attacks
SQL injection
Cross-site scripting
Skills covered
Application SecurityFoundationsCybersecurity
Concepts
0. Introduction
- 01 - The importance of security
1. Security Overview
- 02 - What is security
- 03 - Why security matters
- 04 - What is a hacker
- 05 - Threat models
- 06 - Total security is unachievable
2. General Security Principles
- 07 - Least privilege
- 08 - Simple is more secure
- 09 - Never trust users
- 10 - Expect the unexpected
- 11 - Defense in depth
- 12 - Security through obscurity
- 13 - Deny lists and allow lists
- 14 - Map exposure points and data passageways
3. Filter Input, Control Output
- 15 - Regulate requests
- 16 - Validate input
- 17 - Sanitize data
- 18 - Label variables
- 19 - Keep code private
- 20 - Keep credentials private
- 21 - Keep error messages vague
- 22 - Smart logging
4. The Most Common Attacks
- 23 - Types of credential attacks
- 24 - Strong passwords
- 25 - URL manipulation and insecure direct object reference (IDOR)
- 26 - SQL injection
- 27 - Cross-site scripting (XSS)
- 28 - Cross-site request forgery (CSRF)
- 29 - Cross-site request protections
- 30 - Cookie visibility and theft
- 31 - Session hijacking
- 32 - Session fixation
- 33 - Remote code execution
- 34 - File upload abuse
- 35 - Denial of service
Conclusion
- 36 - Next steps
Related courses
- Programming Foundations: Web Security
- Programming Foundations: Secure Coding
- Programming Foundations: APIs and Web Services
- Programming Foundations: Secure Coding (2018)
- Protecting Your Software with Component Analysis
- Computer Science Principles: The Internet
- Introduction to Django
- Introduction to AWS AI Services for Developers
Related learn paths
- Explore a Career in Application Security
- Become a Programmer: Foundations
- Become a Back-End Web Developer
- Prepare for the MTA: Software Development Fundamentals Exam (98-361)
- Become a Web Developer
- Getting Started with Continuous Integration / Continuous Delivery (CI/CD)
- Getting Started in Blockchain
- Cybersecurity Fundamentals