Web Security: Common Vulnerabilities And Their Mitigation

Web Development

15 days Money back Guarantee

Unlimited Access

Android, iPhone and iPad Access

Certificate of Completion

Course Summary :

Coat your website with armor, protect yourself against the most common threats and vulnerabilities. Understand, with examples, how common security attacks work and how to mitigate them. Learn secure practices to keep your website users safe.

Let's parse that.

  • How do common security attacks work?: This course walks you through a range of web application security attacks: XSS, XSRF, Session Hijacking, Direct Object Reference and a whole lot more.
  • How do we mitigate them?: Mitigating security risks is a web developer's core job. Learn by example how you can prevent script injection, use secure tokens to mitigate XSRF, manage sessions and cookies, sanitize and validate input, and manage credentials safely using hashing and encryption.
  • What secure practices to follow?: See what modern browsers have to offer for protection and risk mitigation, and how you can limit the surface area you expose in your site.

What's included in this course:

  • Security attacks such as Cross Site Scripting, Session Hijacking, Credential Management, Cross Site Request Forgery, SQL Injection, Direct Object Reference, Social Engineering 
  • Risk mitigation using the Content Security Policy Header, user input validation and sanitization, secure token validation, sandboxed iframes, secure sessions and expiry, password recovery
  • Web security basics: Two factor authentication, Open Web Application Security Project

What am I going to get from this course?

  • Understand how common web security attacks work
  • Know how to write code which mitigates security risks
  • Implement secure coding practices to reduce vulnerabilities

Pre-Requisites :

  • A basic understanding of how the web browser works: rendering, headers, cookies and sessions
  • A basic understanding of JavaScript and PHP to follow the examples

Target Audience :

  • Students who have some experience in web programming and understand basic browser concepts
  • Nope! This course is not for beginners who have never done any web programming

Curriculum :

Section 1 - You, This Course and Us
  1 : You, This Course and Us (01:48)
Section 2 - What Is Security?
  2 : Security and its building blocks (13:41)
  3 : Security related definitions and categories (10:12)
  4 : Download for sec 2
Section 3 - Cross Site Scripting
  5 : What is XSS? (12:59)
  6 : Learn by example - how does an XSS attack work? (13:05)
  7 : Types of XSS (12:59)
  8 : XSS mitigation and prevention (11:15)
  9 : Download for sec 3
Section 4 - User Input Sanitization And Validation
  10 : Sanitizing input (12:09)
  11 : Sanitizing input - still not done (08:10)
  12 : Validating input (14:07)
  13 : Validating input - some more stuff to say (09:16)
  14 : Client Side Encoding, Blacklisting and Whitelisting inputs (07:03)
Section 5 - The Content Security Policy Header
  15 : Rules for the browser (11:23)
  16 : Default directives and wildcards (08:40)
  17 : Stay away from inline code and the eval() function (08:13)
  18 : The nonce attribute and the script hash (11:27)
  19 : Download for sec 5
Section 6 - Credentials Management
  20 : Broken authentication and session management (03:05)
  21 : All about passwords - Strength, Use and Transit (05:24)
  22 : All about passwords - Storage (13:17)
  23 : Learn by example - login authentication (10:29)
  24 : A little bit about hashing (10:34)
  25 : All about passwords - Recovery (14:25)
  26 : Download for sec 6
Section 7 - Session Management
  27 : What is a session? (06:21)
  28 : Anatomy of a session attack (06:34)
  29 : Session hijacking - count the ways (04:53)
  30 : Learn by example - sessions without cookies (14:40)
  31 : Session ids using hidden form fields and cookies (04:08)
  32 : Session hijacking using session fixation (08:09)
  33 : Session hijacking counter measures (03:58)
  34 : Session hijacking - sidejacking, XSS and malware (03:10)
  35 : Download for sec 7
Section 8 - SQL Injection
  36 : Who Is Bobby Tables? (05:17)
  37 : Learn by example - how does SQLi work? (09:26)
  38 : Anatomy of a SQLi attack - unsanitized input and server errors (08:42)
  39 : Anatomy of a SQLi attack - table names and column names (06:19)
  40 : Anatomy of a SQLi attack - getting valid credentials for the site (05:22)
  41 : Types of SQL injection (08:09)
  42 : SQLi mitigation - parameterized queries and stored procedures (07:47)
  43 : SQLi mitigation - Escaping user input, least privilege, whitelist validation (06:33)
  44 : Download for sec 8
Section 9 - Cross Site Request Forgery
  45 : What is XSRF? (10:00)
  46 : Learn by example - XSRF with GET and POST parameters (07:25)
  47 : XSRF mitigation - The referer, origin header and the challenge response (05:47)
  48 : XSRF mitigation - The synchronizer token (09:13)
  49 : Download for sec 9
Section 10 - Lots Of Interesting Bits Of Information
  50 : The Open Web Application Security Project (08:10)
  51 : 2-factor authentication and OTPs (11:04)
  52 : Social Engineering (09:00)
  53 : Download for sec 10
Section 11 - Direct Object Reference
  54 : The direct object reference attack - do not leak implementation details (09:19)
  55 : Direct object reference mitigations (04:55)
  56 : Download for sec 11
Section 12 - IFrames
  57 : IFrames come with their own security concerns (06:46)
  58 : Sandboxing iframes (09:02)
  59 : Download for sec 12
Section 13 - One last word
  60 : Wrapping up the OWASP top 10 list (07:42)
  61 : Download for sec 13
Section 14 - PHP and MySQL Install And Set Up
  62 : Installing PHP (Windows) (09:45)
  63 : Enabling MySQL and using phpMyAdmin (Windows) (03:04)
  64 : Installing PHP (Mac) (11:55)
  65 : Installing MySQL (Mac) (07:03)
  66 : Using MySQL Workbench (Mac) (12:47)
  67 : Getting PHP and MySQL to talk to each other (Mac) (01:06)


Instructor :

Loonycorn, a 4-person team; ex-Google.


Loonycorn is us, Janani Ravi, Vitthal Srinivasan, Swetha Kolalapudi and Navdeep Singh. Between the four of us, we have studied at Stanford, IIM Ahmedabad, the IITs and have spent years (decades, actually) working in tech, in the Bay Area, New York, Singapore and Bangalore.

Janani: 7 years at Google (New York, Singapore); studied at Stanford; also worked at Flipkart and Microsoft.
Vitthal: also Google (Singapore) and studied at Stanford; Flipkart, Credit Suisse and INSEAD too.
Swetha: early Flipkart employee, IIM Ahmedabad and IIT Madras alum.
Navdeep: longtime Flipkart employee too, and IIT Guwahati alum.

We think we might have hit upon a neat way of teaching complicated tech courses in a funny, practical, engaging way, which is why we are so excited to be here on Unanth! We hope you will try our offerings, and think you'll like them :-)


Average Rating (1 Review)


Anitha Alex

posted 11 months ago

Simple and thoroughly explained. I recommend this course.