Udemy
30-Day Money-Back Guarantee

This course includes:

  • 8 hours on-demand video
  • 105 downloadable resources
  • Full lifetime access
  • Access on mobile and TV

Web Security: Common Vulnerabilities And Their Mitigation

A guide to dealing with XSS, session hijacking, XSRF, credential management, SQLi and a whole lot more
Rating: 4.0 out of 5 (150 ratings)
3,481 students
Created by Loony Corn
Last updated 4/2018
English
English [Auto]

What you'll learn

  • Understand how common web security attacks work
  • Know how to write code which mitigates security risks
  • Implement secure coding practices to reduce vulnerabilities

Course content

14 sections • 56 lectures • 8h 1m total length

  • Preview
    01:48

  • Preview
    13:41
  • Preview
    10:12

  • What is XSS?
    12:59
  • Learn by example - how does a XSS attack work?
    13:05
  • Types of XSS
    12:59
  • XSS mitigation and prevention
    11:15

  • Preview
    12:09
  • Sanitizing input - still not done
    08:10
  • Validating input
    14:07
  • Validating input - some more stuff to say
    09:16
  • Client Side Encoding, Blacklisting and Whitelisting inputs
    07:03

  • Rules for the browser
    11:23
  • Default directives and wildcards
    08:40
  • Preview
    08:13
  • The nonce attribute and the script hash
    11:27

  • Preview
    03:05
  • All about passwords - Strength, Use and Transit
    05:24
  • All about passwords - Storage
    13:17
  • Learn by example - login authentication
    10:29
  • A little bit about hashing
    10:34
  • All about passwords - Recovery
    14:25

  • Preview
    06:21
  • Preview
    06:34
  • Session hijacking - count the ways
    04:53
  • Learn by example - sessions without cookies
    14:40
  • Session ids using hidden form fields and cookies
    04:08
  • Session hijacking using session fixation
    08:09
  • Session hijacking counter measures
    03:58
  • Session hijacking - sidejacking, XSS and malware
    03:10

  • Preview
    05:17
  • Learn by example - how does SQLi work?
    09:26
  • Anatomy of a SQLi attack - unsanitized input and server errors
    08:42
  • Anatomy of a SQLi attack - table names and column names
    06:19
  • Anatomy of a SQLi attack - getting valid credentials for the site
    05:22
  • Types of SQL injection
    08:09
  • SQLi mitigation - parameterized queries and stored procedures
    07:47
  • SQLi mitigation - Escaping user input, least privilege, whitelist validation
    06:33

  • What is XSRF?
    10:00
  • Learn by example - XSRF with GET and POST parameters
    07:25
  • XSRF mitigation - The referer, origin header and the challenge response
    05:46
  • XSRF mitigation - The synchronizer token
    09:13

  • Preview
    08:10
  • 2 factor authentications and OTPs
    11:04
  • Social Engineering
    09:00

Requirements

  • A basic understanding of how the web browser, rendering, headers, cookies and sessions work
  • A basic understanding of JavaScript and PHP to follow the examples

Description

Coat your website with armor and protect yourself against the most common threats and vulnerabilities. Understand, with examples, how common security attacks work and how to mitigate them. Learn secure practices to keep your website users safe.

Let's parse that.

  • How do common security attacks work?: This course walks you through an entire range of web application security attacks: XSS, XSRF, Session Hijacking, Direct Object Reference and a whole lot more.
  • How do we mitigate them?: Mitigating security risks is a web developer's core job. Learn by example how you can prevent script injection, use secure tokens to mitigate XSRF, manage sessions and cookies, sanitize and validate input, manage credentials safely using hashing and encryption etc.
  • What secure practices to follow?: See what modern browsers have to offer for protection and risk mitigation, and how you can limit the surface area you expose in your site.

What's included in this course:

  • Security attacks such as Cross Site Scripting, Session Hijacking, Credential Management, Cross Site Request Forgery, SQL Injection, Direct Object Reference, Social Engineering 
  • Risk mitigation using the Content Security Policy Header, user input validation and sanitization, secure token validation, sandboxed iframes, secure sessions and expiry, password recovery
  • Web security basics: Two factor authentication, Open Web Application Security Project, 


Who this course is for:

  • Yep! Students who have some experience in web programming and understand basic browser concepts
  • Nope! Students who are beginners and have never done any web programming

Instructor

Loony Corn
An ex-Google, Stanford and Flipkart team
  • 4.2 Instructor Rating
  • 21,405 Reviews
  • 127,408 Students
  • 73 Courses

Loonycorn is us, Janani Ravi and Vitthal Srinivasan. Between us, we have studied at Stanford, been admitted to IIM Ahmedabad and have spent years working in tech, in the Bay Area, New York, Singapore and Bangalore.

Janani: 7 years at Google (New York, Singapore); Studied at Stanford; also worked at Flipkart and Microsoft

Vitthal: Also Google (Singapore) and studied at Stanford; Flipkart, Credit Suisse and INSEAD too

We think we might have hit upon a neat way of teaching complicated tech courses in a funny, practical, engaging way, which is why we are so excited to be here on Udemy!

We hope you will try our offerings, and think you'll like them :-)

© 2021 Udemy, Inc.