Web Security

Websites are hacked every day at an alarmingly increasing rate. In this course Mike North shows you many kinds of threats developers are up against. You’ll stage your own mock attacks and get practice securing and defending against attacks. You'll learn to test security like an attacker and defend against XSS attacks, man-in-the-middle attacks, 3rd party asset injection attacks and more!

• Introduction
• Course Demo Application
• Types of Hackers
• Hacker Motives
• Course Agenda
• Introducing Cross-Site Scripting (XSS)
• Types of XSS Attacks
• Locations for XSS Attacks
• XSS Attack Demonstration
• Prevent XSS Attacks Quiz
• Challenge 1: XSS Attack
• Challenge 1: Solution
• User Data
• Sanitizing User Data
• Content Security Policy (CSP)
• Challenge 2: Defend Against XSS Attacks
• Challenge 2: Solution, Part 1
• Challenge 2: Solution, Part 2
• Malicious Attachments
• Challenge 3: XSS Attachment
• Challenge 3: Solution
• Stopping Malicious Attachments
• Introducing Cross-Site Request Forgery (CSRF)
• Challenge 4: CSRF
• Challenge 4: Solution
• CSRF Tokens
• Request Origin
• Cross-Origin Resource Sharing (CORS)
• Challenge: 5: Defend Against CSRF
• Challenge: 5: Solution
• Introducing Clickjacking
• Challenge 6: Clickjacking
• Challenge 6: Solution
• Stopping Clickjacking
• Challenge 7: Defend Against Clickjacking
• Challenge 7: Solution
• Introducing Third Party Assets
• Challenge 8: Subresource Integrity
• Challenge 8: Solution
• Introducing Man-in-the-Middle Attacks
• Hardware
• Encrypting Data
• Introducing HTTPS
• HTTPS & Cryptography
• TLS Handshake
• OpenSSL
• Challenge 9: Defend Against Man-in-the-Middle Attack
• Challenge 9: Solution
• Introducing HTTPS Downgrade
• Defending Against HTTPS Downgrade
• Bad Certificate
• Defending Against Bad Certificates
• Challenge & Solution 10: Defend Against HTTPS Downgrade
• Certificate Authority Compromise
• Wrapping Up Web Security