Web Security Essentials: MITM, CSRF, and XSS
Offered By: egghead.io
Course Description
Overview
As developers, we have a responsibility to protect the data our users trust us with. No one wants to wake up to the news that their site was hacked and all of the user accounts stolen.
Security is important, yet it is often overlooked and forgotten.
Part of the reason for this is that security seems hard to get right. This results in developers crossing their fingers and hoping for the best.
In this course, you'll learn how to protect your application by learning how to attack it.
Start your journey into web security today!
Check out these community notes for this course on GitHub.
Syllabus
- Course Overview: Web Security Essentials
- Simulate Man in the Middle Attacks and Inspect Network Traffic with Charles Proxy
- Add https to a Localhost Express App to Prevent MITM Attacks
- Redirect All HTTP Traffic to HTTPS in Express to Ensure All Responses are Secure
- Set the Secure Cookie Flag to Ensure Cookies are Only Sent Over Secure Connections
- Add HSTS Headers to Express Apps to Ensure All Requests are https Requests
- Create a Proof of Concept Exploit of a CSRF Vulnerable Website
- Mitigate CSRF Attacks by Setting the SameSite Cookie Flag in Express
- Add CSRF Token Middleware to an Express Server to Mitigate CSRF
- Make an XSS Payload to Read a Cookie from a Vulnerable Website
- Set the httpOnly Cookie Flag in Express to Ensure Cookies are Inaccessible from JavaScript
- Make an XSS Payload to Read document.body from a Vulnerable Website
- Prevent Inline Script Execution by Implementing Script-Src CSP Headers in Express
- Read Document Content from a Vulnerable Website via Script Tag Injection in an XSS Payload
- Add a Nonce Based script-src Header in Express to Only Allow Scripts that Match the Nonce
- Prompt Users for Credentials from a Vulnerable Website via iframe Injection
- Add a default-src CSP Header in Express to Enforce an Allowlist and Mitigate XSS
Taught by
Mike Sherov
Related Courses
- Defending Node Applications from SQL Injection, XSS, & CSRF Attacks (Codecademy)
- Learn About CSRF Attacks (Codecademy)
- Writing Secure Code in ASP.NET (Packt via Coursera)
- Identifying Web Attacks Through Logs (Cybrary)
- Ethical Hacking 101: Web App Penetration Testing - a full course for beginners (freeCodeCamp)