Moocable is learner-supported. When you buy through links on our site, we may earn an affiliate commission.
Description
Learn about the most important security concerns when developing websites, and what you can do to keep your servers, software, and data safe from harm.
Tags
Syllabus
Introduction
- The importance of security
- What is security?
- Why security matters
- What is a hacker?
- Threat models
- Total security is unachievable
- Least privilege
- Simple is more secure
- Never trust users
- Expect the unexpected
- Defense in depth
- Security through obscurity
- Deny lists and allow lists
- Map exposure points and data passageways
- Regulate requests
- Validate input
- Sanitize data
- Label variables
- Keep code private
- Keep credentials private
- Keep error messages vague
- Smart logging
- Types of credential attacks
- Strong passwords
- URL manipulation and insecure direct object reference (IDOR)
- SQL injection
- Cross-site scripting (XSS)
- Cross-site request forgery (CSRF)
- Cross-site request protections
- Cookie visibility and theft
- Session hijacking
- Session fixation
- Remote code execution
- File upload abuse
- Denial of service
- Next steps
![](https://d3f1iyfxxz8i1e.cloudfront.net/courses/course_image/ec16171c0d7e.jpeg)
Programming Foundations: Web Security
Affiliate notice
-
TypeOnline Course
-
Provider
Learn about the most important security concerns when developing websites, and what you can do to keep your servers, software, and data safe from harm.
Introduction
- The importance of security
- What is security?
- Why security matters
- What is a hacker?
- Threat models
- Total security is unachievable
- Least privilege
- Simple is more secure
- Never trust users
- Expect the unexpected
- Defense in depth
- Security through obscurity
- Deny lists and allow lists
- Map exposure points and data passageways
- Regulate requests
- Validate input
- Sanitize data
- Label variables
- Keep code private
- Keep credentials private
- Keep error messages vague
- Smart logging
- Types of credential attacks
- Strong passwords
- URL manipulation and insecure direct object reference (IDOR)
- SQL injection
- Cross-site scripting (XSS)
- Cross-site request forgery (CSRF)
- Cross-site request protections
- Cookie visibility and theft
- Session hijacking
- Session fixation
- Remote code execution
- File upload abuse
- Denial of service
- Next steps
Tags
Loading...
Saving...
Loading...