Learn about the most important security concerns when developing websites, and what you can do to keep your servers, software, and data safe from harm.
Syllabus
Introduction
- The importance of security
- What is security?
- Why security matters
- What is a hacker?
- Threat models
- Total security is unachievable
- Least privilege
- Simple is more secure
- Never trust users
- Expect the unexpected
- Defense in depth
- Security through obscurity
- Deny lists and allow lists
- Map exposure points and data passageways
- Regulate requests
- Validate input
- Sanitize data
- Label variables
- Keep code private
- Keep credentials private
- Keep error messages vague
- Smart logging
- Types of credential attacks
- Strong passwords
- URL manipulation and insecure direct object reference (IDOR)
- SQL injection
- Cross-site scripting (XSS)
- Cross-site request forgery (CSRF)
- Cross-site request protections
- Cookie visibility and theft
- Session hijacking
- Session fixation
- Remote code execution
- File upload abuse
- Denial of service
- Next steps
Taught by: Kevin Skoglund