Join Kevin Skoglund for an in-depth discussion in this video, Never trust users, part of Foundations of Programming: Web Security.
You should never trust users. This is part of the reason behind the principle of least privilege too. Trust everyone only as far as you must. But it goes beyond just assigning access privileges. I'm not saying you should treat users like they are the enemy, most times they aren't, but even well-meaning users can cause problems. Perhaps Bob is cleaning up and accidentally deletes a file that Mary's planning to use for her big presentation next week. Or Joanna might get a phone call, and in a moment of distraction, might click Delete instead of Edit.
Or someone might forget to log out of their account from a public computer. You should consider and be on guard against basic human mistakes. In general, you should be paranoid. Most users aren't out to get you, but one in 10,000 might be, and the thing is, you can't tell the difference, especially ahead of time. In real life, I hope that you will be trusting. You should give people the benefit of the doubt. You should presume that they're innocent and harmless until you know otherwise.…
This course is great for developers who want to secure their clients' websites, and for anyone else who wants to learn more about web security.
- Why security matters
- What is a hacker?
- How to write a security policy
- Cross-site scripting (XSS)
- Cross-site request forgery (CSRF)
- SQL injection
- Session hijacking and fixation
- Passwords and encryption
- Secure credit card payments
Skill Level: Beginner
1. Security Overview
2. General Security Principles
3. Filtering Input, Controlling Output
4. The Most Common Attacks
5. Encryption and User Authentication
6. Other Areas of Concern