Description
In this course, you will learn:
- How to prevent clients from receiving fraudulent SSL certificates, before moving on to how to defend against XSS attacks and clickjacking.
- HTTP cookie security practices and tips for making security tradeoffs in your day-to-day work.
- How to defend against DDoS attacks, which is essential as your application scales.
Syllabus:
1. Understanding The Browser
- Browser Basics
- What Does a Browser Do?
- Vendors
- A Browser for Developers
2. HTTP
- Introduction to HTTP
- How HTTP Works
- Mechanics: HTTP vs HTTPS vs H2
- Mechanics: Encryption
- HTTPS Everywhere
- GET vs POST
3. Protection through HTTP Headers
- HTTP Strict Transport Security
- HTTP Public Key Pinning
- Expect-CT
- X-Frame-Options
- Content-Security-Policy
- X-XSS-Protection
- Feature-Policy
- X-Content-Type-Options
- Cross Origin Resource Sharing
- X-Permitted-Cross-Domain-Policies & Referrer-Policy
- The reporting API
4. HTTP Cookies
- Introduction to HTTP Cookies
- What's Behind a Cookie?
- Session and Persistent Cookies
- Host-only
- Supercookies
- Encrypt it Or Forget it
- JavaScript Can't Touch This
- SameSite: The CSRF Killer
- Alternatives
5. Situationals
- Introduction to Situationals
- Blacklisting Versus Whitelisting
- Logging Secrets
- Never Trust The Client
- Generating Session IDs
- Querying Your Database While Avoiding SQL Injections
- Dependencies With Known Vulnerabilities
- Have I Been Pwned?
- Session Invalidation in a Stateless Architecture
- My CDN Was Compromised!
- The Slow Death of EV Certificates
- Paranoid Mode: On
- Low-priority and Delegated Domains
- OWASP
- Hold The Door
6. DDoS Attacks
- Introduction to DDoS
- Anatomy of a DDoS
- Why Would Anyone Bomb Me?
- Notable DDoS Attacks
- Don't Panic: Some Services to The Rescue!
- Hackers Welcome
7. Bug Bounty Programs
- Introduction to Bug Bounty Programs
- What's in a Program?
- Security.txt
- HackerOne
- Dealing With Researchers
- Malicious Reporters