Learn about the most important security concerns when developing websites, and what you can do to keep your servers, software, and data safe from harm.
- Security is essential for all web developers to learn. If you're building websites of any kind, you need it. It's not an optional feature like learning a new JavaScript framework. Online threats are real, and consequences for ignoring them can be serious. Security cannot be an afterthought. It has to be considered from the early stages of project planning to the launch of a website and beyond. Without a firm grounding, it can be easy to make mistakes that leave you vulnerable. In this course, we'll learn the fundamentals of web security to give you that grounding. We're going to learn about security by getting an understanding of the general principles which guide all security work, and then we'll get more specific by looking at best practices to prevent vulnerabilities and the most common attacks, so that you know how to protect your website from them. I'm Kevin Skoglund. I have been a web developer writing code in PHP, Ruby, and Ruby on Rails for over 15 years. I know firsthand why security's essential. I want to share what I've learned, and help you to avoid common mistakes. I want your website to be secure.
Released 5/3/2019
- Threat models
- Least privilege
- Defense in depth
- Validating and sanitizing input
- Credential attacks
- SQL injection
- Cross-site scripting
Skill Level Beginner
Related Courses
- Web Programming Foundations with Morten Rand-Hendriksen (58m 44s, Beginner)
- Learning the OWASP Top 10 with Caroline Wong (43m 57s, Beginner)
- Web Security: Same-Origin Policies with Sasha Vodnik (1h 54m, Advanced)
Introduction

1. Security Overview
- What is security? (3m 12s)
- Why security matters (2m 14s)
- What is a hacker? (4m 10s)
- Threat models (3m 14s)

2. General Security Principles
- Least privilege (3m 55s)
- Simple is more secure (2m 49s)
- Never trust users (3m 15s)
- Expect the unexpected (2m 20s)
- Defense in depth (3m 58s)
- Security through obscurity (4m 30s)
- Deny lists and allow lists (3m 14s)

3. Filter Input, Control Output
- Regulate requests (3m 46s)
- Validate input (3m 54s)
- Sanitize data (6m 29s)
- Label variables (1m 22s)
- Keep code private (2m 27s)
- Keep credentials private (4m 36s)
- Keep error messages vague (2m 17s)
- Smart logging (3m 18s)

4. The Most Common Attacks
- Types of credential attacks (5m 18s)
- Strong passwords (4m 24s)
- SQL injection (7m 31s)
- Cross-site scripting (XSS) (6m 34s)
- Cookie visibility and theft (4m 52s)
- Session hijacking (5m 32s)
- Session fixation (3m 25s)
- Remote code execution (2m 19s)
- File upload abuse (3m 13s)
- Denial of service (5m 19s)

Conclusion
- Next steps (2m 26s)
Video: The importance of security