Special offers now — see discounted courses.
day
:
hour
:
min
:
sec
See special offers
Programming Foundations: Web Security (2019)

Programming Foundations: Web Security (2019)

2h 17mIntermediate2019-05-03

Authors

Kevin Skoglund

Kevin Skoglund

Founder of NovaFabrica

Course details

Learn about the most important security concerns when developing websites, and what you can do to keep your servers, software, and data safe from harm. Instructor Kevin Skoglund explains what motivates hackers and their most common methods of attacks, and then details the techniques and mindset needed to craft solutions for these web security challenges. Learn the eight fundamental principles that underlie all security efforts, the importance of filtering input and controlling output, and how to defend against the most common types of attack. This course is essential for developers who want to secure their websites, and for anyone else who wants to learn more about web security.

Learning objectives
Threat models
Least privilege
Defense in depth
Validating and sanitizing input
Credential attacks
SQL injection
Cross-site scripting

Skills covered

Application SecurityFoundationsCybersecurity

Concepts

0. Introduction

  • 01 - The importance of security

1. Security Overview

  • 02 - What is security
  • 03 - Why security matters
  • 04 - What is a hacker
  • 05 - Threat models
  • 06 - Total security is unachievable

2. General Security Principles

  • 07 - Least privilege
  • 08 - Simple is more secure
  • 09 - Never trust users
  • 10 - Expect the unexpected
  • 11 - Defense in depth
  • 12 - Security through obscurity
  • 13 - Deny lists and allow lists
  • 14 - Map exposure points and data passageways

3. Filter Input, Control Output

  • 15 - Regulate requests
  • 16 - Validate input
  • 17 - Sanitize data
  • 18 - Label variables
  • 19 - Keep code private
  • 20 - Keep credentials private
  • 21 - Keep error messages vague
  • 22 - Smart logging

4. The Most Common Attacks

  • 23 - Types of credential attacks
  • 24 - Strong passwords
  • 25 - URL manipulation and insecure direct object reference (IDOR)
  • 26 - SQL injection
  • 27 - Cross-site scripting (XSS)
  • 28 - Cross-site request forgery (CSRF)
  • 29 - Cross-site request protections
  • 30 - Cookie visibility and theft
  • 31 - Session hijacking
  • 32 - Session fixation
  • 33 - Remote code execution
  • 34 - File upload abuse
  • 35 - Denial of service

Conclusion

  • 36 - Next steps

Related courses

Related learn paths

About us

LyndaKade is a leading learning platform that helps people learn business, software, technology, and creative skills to achieve personal and professional goals.

Phone numberAparat ChannelTelegram SupportTelegram ChannelInstagram Page

All rights to this site belong to LyndaKade.

Terms of Service|Privacy Policy

نماد الکترونیک enamad در صورت اتصال با آی‌پی داخل کشور، نمایش داده خواهد شد.
logo-samandehi - لوگو ساماندهی
zarinpal
zibal