Coat your website with armor, protect yourself against the most common threats and vulnerabilities. Understand, with examples, how common security attacks work and how to mitigate them. Learn secure practices to keep your website users safe.
Let's parse that.
What's included in this course:
Using discussion forums
Please use the discussion forums on this course to engage with other students and to help each other out. Unfortunately, much as we would like to, it is not possible for us at Loonycorn to respond to individual questions from students :-(
We're super small and self-funded with only 2 people developing technical video content. Our mission is to make high-quality courses available at super low prices.
The only way to keep our prices this low is to *NOT offer additional technical support over email or in-person*. The truth is, direct support is hugely expensive and just does not scale.
We understand that this is not ideal and that a lot of students might benefit from this additional support. Hiring resources for additional support would make our offering much more expensive, thus defeating our original purpose.
It is a hard trade-off.
Thank you for your patience and understanding!
Authentication, authorization, auditing, availability, confidentiality and integrity. If any of these principles is compromised on your site, your site is at risk.
Start off with a well-known security attack: script injection can wreak havoc on your site.
A simple but realistic example of how XSS could affect your site
Persistent, reflected and DOM-based XSS. The differences are subtle but important.
How can you protect yourself from script injection? What are the good practices to follow?
Some more techniques by which input can be cleaned up.
Check for patterns in your input. Only allow those patterns which seem legit!
PHP offers a whole bunch of ways to validate input; some more of them are covered here.
What else can you do to make sure user input is safe to use?
Specify default directives so things are less onerous, and learn to use wildcards.
Inline code and the eval() function usually spell trouble for your site.
If you must use inline code, the Content Security Policy header gives you a few outs.
What makes a good password? Set some constraints so your users are forced to choose strong passwords.
Do not store passwords in plain text. When it comes to security you cannot trust even those who work with you.
An example using a secure token to verify that the request comes from a trusted site.
Loonycorn is us, Janani Ravi and Vitthal Srinivasan. Between us, we have studied at Stanford, been admitted to IIM Ahmedabad and have spent years working in tech, in the Bay Area, New York, Singapore and Bangalore.
Janani: 7 years at Google (New York, Singapore); Studied at Stanford; also worked at Flipkart and Microsoft
Vitthal: Also Google (Singapore) and studied at Stanford; Flipkart, Credit Suisse and INSEAD too
We think we might have hit upon a neat way of teaching complicated tech courses in a funny, practical, engaging way, which is why we are so excited to be here on Udemy!
We hope you will try our offerings, and think you'll like them :-)