Released 2/19/2014

This course is great for developers who want to secure their client's websites, and for anyone else who wants to learn more about web security.
- Why security matters
- What is a hacker?
- How to write a security policy
- Cross-site scripting (XSS)
- Cross-site request forgery (CSRF)
- SQL injection
- Session hijacking and fixation
- Passwords and encryption
- Secure credit card payments
Skill Level Beginner
- [Voiceover] My name is Kevin Skoglund. Welcome to Foundations of Programming: Web Security. In this course, we're going to learn the fundamentals of web security. We'll begin with an overview of security, as well as to learn about different types of hackers, and what motivates them. We will cover eight fundamental security principles, which can be applied to any context. We will learn how to filter input to protect your website, as well as how to be smart about the data that you output. We will walk through the techniques behind the most common attacks on your server, and learn solutions that can protect against them.
We will learn the best practices to use for implementing user log-ins to password protected areas. We will discover how to be smart about security when working with credit card payments, regular expressions, source code managers, and databases. Let's get started learning about web security.
Related Courses
- PHP: Creating Secure Websites (2014), with Kevin Skoglund, 4h 15m, Intermediate
Introduction
- Introduction (49s)

1. Security Overview
- What is security? (2m 26s)
- Why security matters (4m 14s)
- What is a hacker? (6m 4s)
- Get in the security mind-set (3m 19s)
- Write a security policy (3m 25s)

2. General Security Principles
- Least privilege (3m 53s)
- Simple is more secure (2m 35s)
- Never trust users (3m 23s)
- Expect the unexpected (1m 53s)
- Defense in depth (2m 30s)
- Security through obscurity (2m 41s)

3. Filtering Input, Controlling Output
- Regulating requests (2m 37s)
- Validating input (7m 15s)
- Sanitizing data (7m 35s)
- Labeling variables (2m 15s)
- Keeping code private (4m 16s)
- Keeping credentials private (5m 46s)
- Keeping error messages vague (2m 34s)
- Smart logging (5m 42s)

4. The Most Common Attacks
- Cross-site scripting (XSS) (4m 54s)
- SQL injection (6m 33s)
- URL manipulation (5m 33s)
- Faked requests and forms (5m 16s)
- Cookie visibility and theft (3m 49s)
- Session hijacking (6m 22s)
- Session fixation (3m 4s)
- Remote system execution (3m 6s)
- File-upload abuse (2m 20s)
- Denial of service (5m 28s)

5. Encryption and User Authentication
- Password encryption (4m 12s)
- Salting passwords (5m 33s)
- Password requirements (3m 18s)
- Brute-force attacks (8m 32s)
- Using SSL for login (5m 9s)
- Protecting cookies (2m 33s)
- Regulating access privileges (4m 11s)
- Handling forgotten passwords (5m 59s)
- Multi-factor authentication (6m 15s)

6. Other Areas of Concern
- Credit card payments (5m 36s)
- Regular expression flaws (5m 2s)
- Buffer overflows (2m 30s)
- Source code managers (5m 9s)
- Database security (4m 58s)
- Server security (4m 45s)

Conclusion
- Goodbye (46s)