Join Kevin Skoglund for an in-depth discussion in this video Map exposure points and data passageways, part of Programming Foundations: Web Security.
…Our final, general security principle is also a best practice.…You should map your exposure points and data passageways.…Let's look at some of the typical exposure points of web applications.…First, let's look at incoming exposure points.…You have the URLs themselves, the URL that actually get type into…the browser, that gets consumed by your web server and by your application.…So, it's an incoming bit of data.…Then, we have forms.…We have cookies and session data.…We have database reads, that's a point at which…information is coming from the database into our web application.…
Now of course, you can look at it the other way around, and look at…it from the database's point of view,…and that would be outgoing, rather than incoming.…But we're talking about from the web application's point of view, here.…And then, you have your public APIs, the application interfaces that…you've made available to the public so that they can communicate with…your application. Let's look at the outgoing side.…We've got our HTML that we're outputting to the…
This course is great for developers who want to secure their client's websites, and for anyone else who wants to learn more about web security.
- Why security matters
- What is a hacker?
- How to write a security policy
- Cross-site scripting (XSS)
- Cross-site request forgery (CSRF)
- SQL injection
- Session hijacking and fixation
- Passwords and encryption
- Secure credit card payments
Skill Level Beginner
1. Security Overview
2. General Security Principles
3. Filtering Input, Controlling Output
4. The Most Common Attacks
5. Encryption and User Authentication
6. Other Areas of Concern
- Mark as unwatched
- Mark all as unwatched
Are you sure you want to mark all the videos in this course as unwatched?
Take notes with your new membership!
Type in the entry box, then click Enter to save your note.
1:30Press on any video thumbnail to jump immediately to the timecode shown.