About Course

• Coat your website with armor, protect yourself against the most common threats and vulnerabilities. Understand, with examples, how common security attacks work and how to mitigate them. Learn secure practices to keep your website users safe.

  • How do common security attacks work?: This course walks you through an entire range of web application security attacks, XSS, XSRF, Session Hijacking, Direct Object Reference and a whole lot more.
  • How do we mitigate them?: Mitigating security risks is a web developer's core job. Learn by example how you can prevent script injection, use secure tokens to mitigate XSRF, manage sessions and cookies, sanitize and validate input, manage credentials safely using hashing and encryption etc.
  • What secure practices to follow?: See what modern browsers have to offer for protection and risk mitigation, how you can  limit the surface area you expose in your site.  

What you get from this course?

• • Security attacks such as Cross Site Scripting, Session Hijacking, Credential Management, Cross Site Request Forgery, SQL Injection, Direct Object Reference, Social Engineering 
  • Risk mitigation using the Content Security Policy Header, user input validation and sanitization, secure token validation, sandboxed iframes, secure sessions and expiry, password recovery
  • Web security basics: Two factor authentication, Open Web Application Security Project
  • Understand how common web security attacks work
  • Know how to write code which mitigates security risks
  • Implement secure coding practices to reduce vulnerabilities

Topics covered in this course

• Curriculum

  Section 1: You, This Course and Us
  	Lecture 1	You, This Course and Us Preview	01:48
  Section 2: What Is Security?
  	Lecture 2	Security and its building blocks Preview	13:41
  	Lecture 3	Security related definitions and categories Preview	10:12
  Section 3: Cross Site Scripting
  	Lecture 4	What is XSS?	12:59
  	Lecture 5	Learn by example - how does a XSS attack work?	13:05
  	Lecture 6	Types of XSS	12:59
  	Lecture 7	XSS mitigation and prevention	11:15
  Section 4: User Input Sanitization And Validation
  	Lecture 8	Sanitizing input Preview	12:09
  	Lecture 9	Sanitizing input - still not done	08:10
  	Lecture 10	Validating input	14:07
  	Lecture 11	Validating input - some more stuff to say	09:16
  	Lecture 12	Client Side Encoding, Blacklisting and Whitelisting inputs	07:03
  Section 5: The Content Security Policy Header
  	Lecture 13	Rules for the browser	11:23
  	Lecture 14	Default directives and wildcards	08:40
  	Lecture 15	Stay away from inline code and the eval() function Preview	08:13
  	Lecture 16	The nonce attribute and the script hash	11:27
  Section 6: Credentials Management
  	Lecture 17	Broken authentication and session management Preview	03:05
  	Lecture 18	All about passwords - Strength, Use and Transit	05:24
  	Lecture 19	All about passwords - Storage	13:17
  	Lecture 20	Learn by example - login authentication	10:29
  	Lecture 21	A little bit about hashing	10:34
  	Lecture 22	All about passwords - Recovery	14:25
  Section 7: Session Management
  	Lecture 23	What is a session? Preview	06:21
  	Lecture 24	Anatomy of a session attack Preview	06:34
  	Lecture 25	Session hijacking - count the ways	04:53
  	Lecture 26	Learn by example - sessions without cookies	14:40
  	Lecture 27	Session ids using hidden form fields and cookies	04:08
  	Lecture 28	Session hijacking using session fixation	08:09
  	Lecture 29	Session hijacking counter measures	03:58
  	Lecture 30	Session hijacking - sidejacking, XSS and malware	03:10
  Section 8: SQL Injection
  	Lecture 31	Who Is Bobby Tables? Preview	05:17
  	Lecture 32	Learn by example - how does SQLi work?	09:26
  	Lecture 33	Anatomy of a SQLi attack - unsanitized input and server errors	08:42
  	Lecture 34	Anatomy of a SQLi attack - table names and column names	06:19
  	Lecture 35	Anatomy of a SQLi attack - getting valid credentials for the site	05:22
  	Lecture 36	Types of SQL injection	08:09
  	Lecture 37	SQLi mitigation - parameterized queries and stored procedures	07:47
  	Lecture 38	SQLi mitigation - Escaping user input, least privilege, whitelist validation	06:33
  Section 9: Cross Site Request Forgery
  	Lecture 39	What is XSRF?	10:00
  	Lecture 40	Learn by example - XSRF with GET and POST parameters	07:25
  	Lecture 41	XSRF mitigation - The referer, origin header and the challenge response	05:46
  	Lecture 42	XSRF mitigation - The synchronizer token	09:13
  Section 10: Lot's Of Interesting Bits Of Information
  	Lecture 43	The Open Web Application Security Project Preview	08:10
  	Lecture 44	2 factor authentications and OTPs	11:04
  	Lecture 45	Social Engineering	09:00
  Section 11: Direct Object Reference
  	Lecture 46	The direct object reference attack - do not leak implementation details	09:19
  	Lecture 47	Direct object reference mitigations	04:55
  Section 12: IFrames
  	Lecture 48	IFrames come with their own security concerns	06:46
  	Lecture 49	Sandboxing iframes	09:02
  Section 13: One last word
  	Lecture 50	Wrapping up the OWASP top 10 list	07:42
  Section 14: PHP and MySQL Install And Set Up
  	Lecture 51	Installing PHP (Windows)	09:45
  	Lecture 52	Enabling MySQL and using phpmyadmin (Windows)	03:04
  	Lecture 53	Installing PHP (Mac)	11:55
  	Lecture 54	Installing MySQL (Mac)	07:03
  	Lecture 55	Using MySQL Workbench (Mac)	17:32
  	Lecture 56	Getting PHP and MySQL to talk to each other (Mac)	01:06

Who should buy this course?

• • A basic understanding of how the web browser, rendering, headers, cookies and sessions
  • A basic understanding of Javascript and PHP to follow the examples
  • Students who have some experience in web programming and understand basic browser concepts
  • Students who are beginners and have never done any web programming  can buy this course