Programming Foundations: Web Security

Programming Foundations: Web Security
Programming Foundations: Web Security
English | MP4 | AVC 1280×720 | AAC 48KHz 2ch | 2h 17m | 790 MB

Learn about the most important security concerns when developing websites, and what you can do to keep your servers, software, and data safe from harm. Instructor Kevin Skoglund explains what motivates hackers and their most common methods of attacks, and then details the techniques and mindset needed to craft solutions for these web security challenges. Learn the eight fundamental principles that underlie all security efforts, the importance of filtering input and controlling output, and how to defend against the most common types of attack. This course is essential for developers who want to secure their websites, and for anyone else who wants to learn more about web security.

Topics include:

  • Threat models
  • Least privilege
  • Defense in depth
  • Validating and sanitizing input
  • Credential attacks
  • SQL injection
  • Cross-site scripting
Table of Contents

1 The importance of security
2 What is security
3 Why security matters
4 What is a hacker
5 Threat models
6 Total security is unachievable
7 Least privilege
8 Simple is more secure
9 Never trust users
10 Expect the unexpected
11 Defense in depth
12 Security through obscurity
13 Deny lists and allow lists
14 Map exposure points and data passageways
15 Regulate requests
16 Validate input
17 Sanitize data
18 Label variables
19 Keep code private
20 Keep credentials private
21 Keep error messages vague
22 Smart logging
23 Types of credential attacks
24 Strong passwords
25 URL manipulation and insecure direct object reference (IDOR)
26 SQL injection
27 Cross-site scripting (XSS)
28 Cross-site request forgery (CSRF)
29 Cross-site request protections
30 Cookie visibility and theft
31 Session hijacking
32 Session fixation
33 Remote code execution
34 File upload abuse
35 Denial of service
36 Next steps