Web Security: Common Vulnerabilities And Their Mitigation

Web Security: Common Vulnerabilities And Their Mitigation
Web Security: Common Vulnerabilities And Their Mitigation
English | MP4 | AVC 1280×720 | AAC 44KHz 2ch | 8h 02m | 2.18 GB

A guide to dealing with XSS, session hijacking, XSRF, credential management, SQLi and a whole lot more

Coat your website with armor, protect yourself against the most common threats and vulnerabilities. Understand, with examples, how common security attacks work and how to mitigate them. Learn secure practices to keep your website users safe. Let's parse that. How do common security attacks work?: This course walks you through an entire range of web application security attacks, XSS, XSRF, Session Hijacking, Direct Object Reference and a whole lot more. How do we mitigate them?: Mitigating security risks is a web developer's core job. Learn by example how you can prevent script injection, use secure tokens to mitigate XSRF, manage sessions and cookies, sanitize and validate input, manage credentials safely using hashing and encryption etc. What secure practices to follow?: See what modern browsers have to offer for protection and risk mitigation, how you can limit the surface area you expose in your site.

This course will take less than 8 hours of your time, but it is going to save you a lot of time in the future.

What You Will Learn

  • Understand how common web security attacks work
  • Know how to write code which mitigates security risks
  • Implement secure coding practices to reduce vulnerabilities
Table of Contents

01 You, This Course and Us
02 Security and its building blocks
03 Security related definitions and categories
04 What is XSS
05 Learn by example - how does a XSS attack work
06 Types of XSS
07 XSS mitigation and prevention
08 Sanitizing input
09 Sanitizing input - still not done
10 Validating input
11 Validating input - some more stuff to say
12 Client Side Encoding, Blacklisting and Whitelisting inputs
13 Rules for the browser
14 Default directives and wildcards
15 Stay away from inline code and the eval() function
16 The nonce attribute and the script hash
17 Broken authentication and session management
18 All about passwords - Strength, Use and Transit
19 All about passwords – Storage
20 Learn by example - login authentication
21 A little bit about hashing
22 All about passwords – Recovery
23 What is a session
24 Anatomy of a session attack
25 Session hijacking - count the ways
26 Learn by example - sessions without cookies
27 Session ids using hidden form fields and cookies
28 Session hijacking using session fixation
29 Session hijacking counter measures
30 Session hijacking - sidejacking, XSS and malware
31 Who Is Bobby Tables
32 Learn by example - how does SQLi work
33 Anatomy of a SQLi attack - unsanitized input and server errors
34 Anatomy of a SQLi attack - table names and column names
35 Anatomy of a SQLi attack - getting valid credentials for the site
36 Types of SQL injection
37 SQLi mitigation - parameterized queries and stored procedures
38 SQLi mitigation - Escaping user input, least privilege, whitelist validation
39 What is XSRF
40 Learn by example - XSRF with GET and POST parameters
41 XSRF mitigation - The referer, origin header and the challenge response
42 XSRF mitigation - The synchronizer token
43 The Open Web Application Security Project
44 2 factor authentications and OTPs
45 Social Engineering
46 The direct object reference attack - do not leak implementation details
47 Direct object reference mitigations
48 IFrames come with their own security concerns
49 Sandboxing iframes
50 Wrapping up the OWASP top 10 list
51 Installing PHP (Windows)
52 Enabling MySQL and using phpmyadmin (Windows)
53 Installing PHP (Mac)
54 Installing MySQL (Mac)
55 Using MySQL Workbench (Mac)
56 Getting PHP and MySQL to talk to each other (Mac)