Web Security: Common Vulnerabilities And Their Mitigation
Video description
A guide to dealing with XSS, session hijacking, XSRF, credential management, SQLi and a whole lot more
About This Video
Security attacks such as Cross Site Scripting, Session Hijacking, Credential Management, Cross Site Request Forgery, SQL Injection, Direct Object Reference, Social Engineering
Risk mitigation using the Content Security Policy Header, user input validation and sanitization, secure token validation, sandboxed iframes, secure sessions and expiry, password recovery
Web security basics: two-factor authentication, the Open Web Application Security Project (OWASP).
In Detail
Coat your website with armor: protect yourself against the most common threats and vulnerabilities. Understand, with examples, how common security attacks work and how to mitigate them, and learn secure practices to keep your website's users safe. Let's parse that.

How do common security attacks work? This course walks you through a range of web application security attacks: XSS, XSRF, session hijacking, direct object reference and a whole lot more.

How do we mitigate them? Mitigating security risks is a web developer's core job. Learn by example how to prevent script injection, use secure tokens to mitigate XSRF, manage sessions and cookies, sanitize and validate input, and manage credentials safely using hashing and encryption.

What secure practices should you follow? See what modern browsers offer for protection and risk mitigation, and how you can limit the attack surface your site exposes.
Audience
The following audience will benefit from this course:
- Students who have some experience in web programming and understand basic browser concepts.
- Students who are beginners and have never done any web programming.
Chapter 4 : User Input Sanitization And Validation
Sanitizing input
Sanitizing input - still not done
Validating input
Validating input - some more stuff to say
Client Side Encoding, Blacklisting and Whitelisting inputs
Chapter 5 : The Content Security Policy Header
Rules for the browser
Default directives and wildcards
Stay away from inline code and the eval() function
The nonce attribute and the script hash
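The chapter above covers a policy that bans inline code and eval() while still letting the site's own inline scripts run via a nonce or a hash. The following is an added example, written in Python rather than the course's PHP and not taken from the course itself: it generates a per-response nonce, computes the CSP hash-source for an inline script, assembles the header value, and models (in simplified form) the browser's decision for one inline script. The policy directives chosen are an assumption for illustration.

```python
import base64
import hashlib
import secrets


def make_nonce() -> str:
    """Fresh, unguessable nonce; generate a new one for every response."""
    return base64.b64encode(secrets.token_bytes(16)).decode("ascii")


def script_hash(source: str) -> str:
    """CSP hash-source for an inline script: sha256 over the exact script text.

    The text between <script> and </script> must match byte for byte,
    so a trailing newline or an added semicolon changes the hash.
    """
    digest = hashlib.sha256(source.encode("utf-8")).digest()
    return "sha256-" + base64.b64encode(digest).decode("ascii")


def build_csp(nonce: str, inline_scripts=()) -> str:
    """Policy with no 'unsafe-inline' and no 'unsafe-eval': inline scripts run
    only if they carry the nonce or match one of the listed hashes.
    (Directive set is an assumption for the example.)"""
    sources = ["'self'", f"'nonce-{nonce}'"]
    sources += [f"'{script_hash(s)}'" for s in inline_scripts]
    return "; ".join([
        "default-src 'self'",
        "script-src " + " ".join(sources),
        "object-src 'none'",
        "base-uri 'self'",
    ])


def inline_script_allowed(policy: str, source: str, nonce_attr: str = "") -> bool:
    """Simplified model of the browser's decision for one inline <script>:
    allowed if its nonce attribute equals the policy nonce, or if its
    content hashes to a listed hash-source. Injected script has neither."""
    directive = next((d for d in policy.split("; ") if d.startswith("script-src ")), None)
    if directive is None:
        return False
    allowed = set(directive.split()[1:])
    if nonce_attr and f"'nonce-{nonce_attr}'" in allowed:
        return True
    return f"'{script_hash(source)}'" in allowed


if __name__ == "__main__":
    nonce = make_nonce()
    policy = build_csp(nonce, ["initApp();"])
    print("Content-Security-Policy:", policy)
    print(inline_script_allowed(policy, "alert(document.cookie)"))         # False: injected, no nonce
    print(inline_script_allowed(policy, "alert(document.cookie)", nonce))  # True: the page's own nonced script
    print(inline_script_allowed(policy, "initApp();"))                     # True: matches the hash
```

The nonce must never be reused across responses and must not be predictable, otherwise an attacker who can inject markup simply copies it. Hashes are the better fit for static inline scripts, nonces for server-rendered ones.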
Chapter 6 : Credentials Management
Broken authentication and session management
All about passwords - Strength, Use and Transit
All about passwords – Storage
Learn by example - login authentication
A little bit about hashing
All about passwords – Recovery
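Chapter 6 covers how passwords should be stored. As an added example (Python, not the course's PHP code, and not taken from the course), here is the storage side: a fast unsalted hash shown only as the anti-pattern, beside a per-user salted PBKDF2-HMAC-SHA256 record with constant-time verification and a check for records that should be rehashed when the work factor is raised. The iteration count and record format are assumptions for the example.

```python
import hashlib
import hmac
import os

# Assumed work factor: tune so that one hash costs on the order of 100 ms on your servers.
ITERATIONS = 600_000


def unsalted_md5(password: str) -> str:
    """What NOT to do: fast and unsalted. Equal passwords give equal hashes,
    so a rainbow table or one cracked row unlocks every user sharing it."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Random per-user salt plus a slow key-derivation function. The algorithm,
    iteration count and salt are stored with the digest so they can change later.
    Record format (assumed): pbkdf2_sha256$<iterations>$<salt hex>$<digest hex>"""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(stored: str, candidate: str) -> bool:
    """Recompute with the stored parameters and compare in constant time."""
    try:
        algo, iters, salt_hex, digest_hex = stored.split("$")
        if algo != "pbkdf2_sha256":
            return False
        iterations = int(iters)
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(digest_hex)
    except ValueError:
        return False  # malformed record: fail closed
    actual = hashlib.pbkdf2_hmac("sha256", candidate.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(actual, expected)


def needs_rehash(stored: str, iterations: int = ITERATIONS) -> bool:
    """True when the record uses an older or weaker setting; rehash on the
    next successful login, when the plaintext is briefly available."""
    parts = stored.split("$")
    if len(parts) != 4 or parts[0] != "pbkdf2_sha256":
        return True
    try:
        return int(parts[1]) < iterations
    except ValueError:
        return True


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")
    print(record)
    print(verify_password(record, "correct horse battery staple"))  # True
    print(verify_password(record, "Correct horse battery staple"))  # False
    print(unsalted_md5("hunter2") == unsalted_md5("hunter2"))       # True: the weakness
```

Two users with the same password get different records because the salt differs, so a leaked table cannot be cracked in bulk. Note that `verify_password` never reveals which part of the record mismatched.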
Chapter 7 : Session Management
What is a session?
Anatomy of a session attack
Session hijacking - count the ways
Learn by example - sessions without cookies
Session ids using hidden form fields and cookies
Session hijacking using session fixation
Session hijacking counter measures
Session hijacking - sidejacking, XSS and malware
Chapter 8 : SQL Injection
Who Is Bobby Tables?
Learn by example - how does SQLi work?
Anatomy of a SQLi attack - unsanitized input and server errors
Anatomy of a SQLi attack - table names and column names
Anatomy of a SQLi attack - getting valid credentials for the site
Types of SQL injection
SQLi mitigation - parameterized queries and stored procedures
SQLi mitigation - Escaping user input, least privilege, whitelist validation
Chapter 9 : Cross Site Request Forgery
What is XSRF?
Learn by example - XSRF with GET and POST parameters
XSRF mitigation - The referer, origin header and the challenge response
XSRF mitigation - The synchronizer token
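The last two items of Chapter 9 cover the Origin/Referer check and the synchronizer token. As an added example (Python, not the course's PHP, and not taken from the course), here is a minimal server-side model of both defenses on a money-transfer form: the token is generated per session, embedded in the form, and compared in constant time, while the request's Origin (or the Referer's origin) must equal the site's own. The origin, session store and form fields are assumptions for the example.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from urllib.parse import urlsplit

TRUSTED_ORIGIN = "https://bank.example"  # assumption: this site's own origin


@dataclass
class Session:
    """Server-side session; the token is created once per session and never
    leaves the server except inside pages rendered for this user."""
    user: str
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))


def render_transfer_form(session: Session) -> str:
    """Every state-changing form carries the session's token as a hidden field.
    A cross-site page cannot read it (same-origin policy), so it cannot forge it."""
    return (
        '<form method="POST" action="/transfer">'
        f'<input type="hidden" name="csrf_token" value="{session.csrf_token}">'
        '<input name="to"><input name="amount"></form>'
    )


def origin_of(headers: dict):
    """Origin header if present, else the origin part of Referer, else None."""
    if headers.get("Origin"):
        return headers["Origin"]
    ref = headers.get("Referer")
    if ref:
        parts = urlsplit(ref)
        return f"{parts.scheme}://{parts.netloc}"
    return None


def handle_transfer(session: Session, form: dict, headers: dict) -> str:
    # 1. Origin check: exact match, so "https://bank.example.evil.test" is rejected.
    #    A request with neither header is rejected too (fail closed).
    if origin_of(headers) != TRUSTED_ORIGIN:
        return "403 origin mismatch"
    # 2. Synchronizer token: the submitted value must equal the one bound to this session.
    submitted = form.get("csrf_token", "")
    if not hmac.compare_digest(submitted.encode("utf-8"), session.csrf_token.encode("utf-8")):
        return "403 bad csrf token"
    return f"200 transferred {form['amount']} to {form['to']} for {session.user}"


if __name__ == "__main__":
    s = Session(user="alice")
    print(render_transfer_form(s))
    # Legitimate submission from the site's own page:
    print(handle_transfer(s, {"csrf_token": s.csrf_token, "to": "bob", "amount": "10"},
                          {"Origin": TRUSTED_ORIGIN}))
    # Forged POST auto-submitted from an attacker's page: cookies ride along, token does not.
    print(handle_transfer(s, {"to": "mallory", "amount": "9999"},
                          {"Origin": "https://evil.example"}))
```

The two checks are complementary: the Origin check stops the common case cheaply, and the token protects requests where the browser omits both headers or where an attacker controls a same-site subdomain.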
Chapter 10 : Lots Of Interesting Bits Of Information
The Open Web Application Security Project
Two-factor authentication and OTPs
Social Engineering
Chapter 11 : Direct Object Reference
The direct object reference attack - do not leak implementation details
Direct object reference mitigations
Chapter 12 : Iframes
IFrames come with their own security concerns
Sandboxing iframes
Chapter 13 : One last word
Wrapping up the OWASP top 10 list
Chapter 14 : One last word
Installing PHP (Windows)
Enabling MySQL and using phpmyadmin (Windows)
Installing PHP (Mac)
Installing MySQL (Mac)
Using MySQL Workbench (Mac)
Getting PHP and MySQL to talk to each other (Mac)