Web Security: Common Vulnerabilities And Their Mitigation
4.3 (33 ratings)
1,715 students enrolled

A guide to dealing with XSS, session hijacking, XSRF, credential management, SQLi and a whole lot more
Created by Loony Corn
Last updated 7/2016
English
Includes:
  • 8 hours on-demand video
  • 104 Supplemental Resources
  • Full lifetime access
  • Access on mobile and TV
  • Certificate of Completion
What Will I Learn?
  • Understand how common web security attacks work
  • Know how to write code which mitigates security risks
  • Implement secure coding practices to reduce vulnerabilities
Requirements
  • A basic understanding of how the web browser works: rendering, headers, cookies and sessions
  • A basic understanding of JavaScript and PHP to follow the examples
Description

Coat your website with armor and protect it against the most common threats and vulnerabilities. Understand, with examples, how common security attacks work and how to mitigate them. Learn secure practices that keep your website's users safe.

Let's parse that.

  • How do common security attacks work?: This course walks you through a whole range of web application attacks: XSS, XSRF, session hijacking, direct object reference and a lot more.
  • How do we mitigate them?: Mitigating security risks is a core part of a web developer's job. Learn by example how to prevent script injection, use secure tokens to mitigate XSRF, manage sessions and cookies, sanitize and validate input, and manage credentials safely using hashing and encryption.
  • What secure practices to follow?: See what modern browsers offer for protection and risk mitigation, and how to limit the attack surface your site exposes.

What's included in this course:

  • Security attacks such as Cross Site Scripting, Session Hijacking, Credential Management, Cross Site Request Forgery, SQL Injection, Direct Object Reference and Social Engineering
  • Risk mitigation using the Content Security Policy header, user input validation and sanitization, secure token validation, sandboxed iframes, secure sessions and expiry, and password recovery
  • Web security basics: two-factor authentication and the Open Web Application Security Project (OWASP)


Using discussion forums

Please use the discussion forums on this course to engage with other students and to help each other out. Unfortunately, much as we would like to, it is not possible for us at Loonycorn to respond to individual questions from students :-(

We're super small and self-funded with only 2 people developing technical video content. Our mission is to make high-quality courses available at super low prices.

The only way to keep our prices this low is to *NOT offer additional technical support over email or in-person*. The truth is, direct support is hugely expensive and just does not scale.

We understand that this is not ideal and that a lot of students might benefit from this additional support. Hiring resources for additional support would make our offering much more expensive, thus defeating our original purpose.

It is a hard trade-off.

Thank you for your patience and understanding!



Who is the target audience?
  • Yep! Students who have some experience in web programming and understand basic browser concepts
  • Nope! Students who are beginners and have never done any web programming
Curriculum For This Course
56 Lectures
08:01:56
You, This Course and Us
1 Lecture 01:48
What Is Security?
2 Lectures 23:53

Authentication, authorization, auditing, availability, confidentiality and integrity. If any of these principles is compromised on your site, your site is at risk.

13:41

A few definitions - risk, threat, vulnerability and attack. Reasons why websites are at risk. Known and unknown risks.

10:12
Cross Site Scripting
4 Lectures 50:18

Start off with a well-known security attack: script injection can wreak havoc on your site.

What is XSS?
12:59

A simple but realistic example of how XSS could affect your site

Learn by example - how does an XSS attack work?
13:05

Persistent, reflected and DOM based XSS. The differences are subtle but important.

Types of XSS
12:59

How can you protect yourself from script injection? What are the good practices to follow?

XSS mitigation and prevention
11:15
User Input Sanitization And Validation
5 Lectures 50:45

Some more techniques by which input can be cleaned up

Sanitizing input - still not done
08:10

Check for patterns in your input. Only allow those patterns you know are legitimate.

Validating input
14:07

PHP offers a whole bunch of ways to validate input, some more here.

Validating input - some more stuff to say
09:16

What else can you do to make sure user input is safe to use?

Client Side Encoding, Blacklisting and Whitelisting inputs
07:03
The Content Security Policy Header
4 Lectures 39:43
Rules for the browser
11:23

Specify default directives so things are less onerous and learn to use wildcards

Default directives and wildcards
08:40

Inline code and the eval() function usually spell trouble for your site.

08:13

If you must use inline code, the Content Security Policy header gives you a few outs: a per-response nonce, or a hash of the exact script text.

The nonce attribute and the script hash
11:27
Credentials Management
6 Lectures 57:14

What makes a good password? Set constraints so that your users are forced to choose strong passwords.

All about passwords - Strength, Use and Transit
05:24

Do not store passwords in plain text. When it comes to security you cannot trust even the people you work with.

All about passwords - Storage
13:17

Learn by example - login authentication
10:29

A little bit about hashing
10:34

All about passwords - Recovery
14:25
Session Management
8 Lectures 51:53


Session hijacking - count the ways
04:53

Learn by example - sessions without cookies
14:40

Session ids using hidden form fields and cookies
04:08

Session hijacking using session fixation
08:09

Session hijacking counter measures
03:58

Session hijacking - sidejacking, XSS and malware
03:10
SQL Injection
8 Lectures 57:35

Learn by example - how does SQLi work?
09:26

Anatomy of a SQLi attack - unsanitized input and server errors
08:42

Anatomy of a SQLi attack - table names and column names
06:19

Anatomy of a SQLi attack - getting valid credentials for the site
05:22

Types of SQL injection
08:09

SQLi mitigation - parameterized queries and stored procedures
07:47

SQLi mitigation - Escaping user input, least privilege, whitelist validation
06:33
Cross Site Request Forgery
4 Lectures 32:24
What is XSRF?
10:00

Learn by example - XSRF with GET and POST parameters
07:25

XSRF mitigation - The Referer and Origin headers and challenge-response
05:46

An example using a secure token to verify that the request was built by a page the site itself served, not by a cross-site form.

XSRF mitigation - The synchronizer token
09:13
Lots Of Interesting Bits Of Information
3 Lectures 28:14

Two-factor authentication and OTPs
11:04

Social Engineering
09:00
About the Instructor
Loony Corn
4.3 Average rating
4,954 Reviews
38,834 Students
77 Courses
An ex-Google, Stanford and Flipkart team

Loonycorn is us, Janani Ravi and Vitthal Srinivasan. Between us, we have studied at Stanford, been admitted to IIM Ahmedabad and have spent years working in tech, in the Bay Area, New York, Singapore and Bangalore.

Janani: 7 years at Google (New York, Singapore); Studied at Stanford; also worked at Flipkart and Microsoft

Vitthal: Also Google (Singapore) and studied at Stanford; Flipkart, Credit Suisse and INSEAD too

We think we might have hit upon a neat way of teaching complicated tech courses in a funny, practical, engaging way, which is why we are so excited to be here on Udemy!

We hope you will try our offerings, and think you'll like them :-)