Join Kevin Skoglund for an in-depth discussion in this video What is security?, part of Foundations of Programming: Web Security.
The best place to begin our examination of the foundations of web security is with the definition. Webster's Dictionary defines security as "the state of being protected or safe from harm." Now this is a general definition, for security in a general sense. What we're going to be focused on is one particular type of security, web security. For web security, this means keeping your web server and its applications protected, or safe from harm. Web sites require special attention. They're very public. And they're very high-profile. They're different from other kinds of servers that we operate, such as mail servers or FTP servers.
In those cases, often you have to know an IP address to even find the server. And then the transactions that happen on that server are often password protected. And they're very utilitarian in nature. We're just swapping data or just swapping files. Websites are different. Websites can be searched for, they're often the public face of a company. They're a major component of the company's brand, and in some cases, with a company like Amazon.com, the website is the company itself. Websites are different also because of the way they interact with users as well. Websites are viewed by human eyes.
And we interact with them. We trust them with our personal information, and in some cases, even our credit card data. So we expect a certain level of security there to justify that trust that we've placed in them. Now, if we want to protect against something, then we first need to be aware of all of the risks and the pitfalls. We need to know who could do us harm and how they could do it. That's the only way we can assert that something is secure: once we've surveyed the potential problems and know that we have the correct safeguards in place. This can be expressed as a simple equation. Awareness plus protection equals security.
My goal in this course is to make you aware. It'll be up to you to then go do the second half, to put the proper protections in place. You need both for security. You need knowledge and you need action. Spending lots of time and money on protections is meaningless if you didn't realize that you skipped over something easy. The awareness is as important as the protection itself because it guides your efforts. Now, online security is a very deep topic. Our goal in this course is not to try and teach you everything there is to know about security. It takes years of full-time work to become an expert.
But there are general principles that are true for beginners as well as experts, and there are ways of thinking about security that may be new to you. We'll talk about these core principles and then we'll look at the biggest issues you'll confront and discuss the principle-based strategies for handling them.
This course is great for developers who want to secure their client's websites, and for anyone else who wants to learn more about web security.
- Why security matters
- What is a hacker?
- How to write a security policy
- Cross-site scripting (XSS)
- Cross-site request forgery (CSRF)
- SQL injection
- Session hijacking and fixation
- Passwords and encryption
- Secure credit card payments