Users are often a weak link in security. Users may not take security seriously. Identifying authorized users can be challenging.
- Trust no one. That may sound paranoid, but it is an important security principle. It's similar to the principle of least privilege, but it goes beyond just access privileges. Only extend trust as far as you must. You can't know every user's intentions, especially not ahead of time. Now, in your regular life, you can be a bit more trusting and give people the benefit of the doubt. But for security, you need to adopt the opposite mindset. Be paranoid. Every user is a potential hacker. This is especially true when building internet-connected systems. Our threat model has to include anonymous strangers who can access our servers from around the world. Verifying user identities online is a fundamental security challenge. It's difficult to know who's sitting at the keyboard, even a user who presents identifying information, such as a username and password, or a user who's on an authorized device. They may have had their credentials or device stolen. …
- Threat models
- Least privilege
- Defense in depth
- Validating and sanitizing input
- Credential attacks
- SQL injection
- Cross-site scripting
Skill Level Beginner
1. Security Overview
2. General Security Principles
3. Filter Input, Control Output
4. The Most Common Attacks