In this course, you will learn:
- How to prevent clients from receiving fraudulent SSL certificates, then how to defend against XSS attacks and clickjacking.
- HTTP cookie security practices, and tips for making security tradeoffs in your day-to-day work.
- How to defend against DDoS attacks, which is essential as your application scales.
1. Understanding The Browser
- Browser Basics
- What Does a Browser Do?
- A Browser for Developers
- Introduction to HTTP
- How HTTP Works
- Mechanics: HTTP vs HTTPS vs H2
- Mechanics: Encryption
- HTTPS Everywhere
- GET vs POST
3. Protection through HTTP Headers
- HTTP Strict Transport Security
- HTTP Public Key Pinning
- Cross Origin Resource Sharing
- X-Permitted-Cross-Domain-Policies & Referrer-Policy
- The reporting API
4. HTTP Cookies
- Introduction to HTTP Cookies
- What's Behind a Cookie?
- Session and Persistent Cookies
- Encrypt it Or Forget it
- SameSite: The CSRF Killer
- Introduction to Situationals
- Blacklisting Versus Whitelisting
- Logging Secrets
- Never Trust The Client
- Generating Session IDs
- Querying Your Database While Avoiding SQL Injections
- Dependencies With Known Vulnerabilities
- Have I Been Pwned?
- Session Invalidation in a Stateless Architecture
- My CDN Was Compromised!
- The Slow Death of EV Certificates
- Paranoid Mode: On
- Low-priority and Delegated Domains
- Hold The Door
6. DDoS Attacks
- Introduction to DDoS
- Anatomy of a DDoS
- Why Would Anyone Bomb Me?
- Notable DDoS Attacks
- Don't Panic: Some Services to The Rescue!
- Hackers Welcome
7. Bug Bounty Programs
- Introduction to Bug Bounty Programs
- What's in a Program?
- Dealing With Researchers
- Malicious Reporters