Rs. 1299  Rs. 599

Web Security: Common Vulnerabilities And their Mitigation

Secure your website from security attacks and vulnerabilities. Understand how security attacks work and how to mitigate them.

07h:57m
Lifetime access
41 learners
Introduction to the Course

It is crucial to protect your website from common hazards and vulnerabilities. To know how to protect your website from these shortfalls, it is essential to understand how common security attacks work. This online tutorial on Web Security runs you through an array of web application security attacks: XSRF, XSS, Direct Object Reference, Session Hijacking, and many others. A developer's core job is to mitigate security attacks. This involves learning how to prevent script injection, using secure tokens to mitigate XSRF, managing cookies and sessions, sanitizing and validating input, managing credentials, safe use of hashing and encryption, and a lot more. It also covers techniques to mitigate risk and protect your website, and develops your ability to limit the exposed surface area of your website.

Course Objectives

What will you gain from this course?

  • An understanding of how common web security attacks work
  • The ability to write code that will mitigate security risks
  • Secure coding practices that reduce the gaps attackers can exploit

Prerequisites and Target Audience

You will need basic knowledge of web browsers, headers, rendering, cookies and sessions. To follow the examples, you will also need an understanding of JavaScript and PHP.

This course is specifically designed for students who understand basic browser concepts and have some experience in web programming.

Course Plan
Certificate of completion

1. You, This Course and Us
1 video
You, This Course and Us 01:49
2. What Is Security?
2 videos
Security and its building blocks 13:41

Security related definitions and categories 10:12
4. User Input Sanitization And Validation
5 videos
Sanitizing input 12:09

Sanitizing input - still not done 08:10

Validating input 14:07

Validating input - some more stuff to say 09:16

Client Side Encoding, Blacklisting and Whitelisting inputs 07:03
5. The Content Security Policy Header
4 videos
Rules for the browser 11:23

Default directives and wildcards 08:40

Stay away from inline code and the eval() function 08:13

The nonce attribute and the script hash 11:27
6. Credentials Management
6 videos
Broken authentication and session management 03:05

All about passwords - Strength, Use and Transit 05:24

All about passwords - Storage 13:17

Learn by example - login authentication 10:29

A little bit about hashing 10:34

All about passwords - Recovery 14:25
7. Session Management
8 videos
What is a session? 06:21

Anatomy of a session attack 06:34

Session hijacking - count the ways 04:53

Learn by example - sessions without cookies 14:40

Session ids using hidden form fields and cookies 04:08

Session hijacking using session fixation 08:09

Session hijacking counter measures 03:58

Session hijacking - sidejacking, XSS and malware 03:10
8. SQL Injection
8 videos
Who Is Bobby Tables? 05:17

Learn by example - how does SQLi work? 09:26

Anatomy of a SQLi attack - unsanitized input and server errors 08:42

Anatomy of a SQLi attack - table names and column names 06:19

Anatomy of a SQLi attack - getting valid credentials for the site 05:22

Types of SQL injection 08:09

SQLi mitigation - parameterized queries and stored procedures 07:47

SQLi mitigation - Escaping user input, least privilege, whitelist validation 06:33
9. Cross Site Request Forgery
4 videos
What is XSRF? 10:00

Learn by example - XSRF with GET and POST parameters 07:25

XSRF mitigation - The referer, origin header and the challenge response 05:47

XSRF mitigation - The synchronizer token 09:13
10. Lots Of Interesting Bits Of Information
3 videos
The Open Web Application Security Project 08:10

2-factor authentication and OTPs 11:04

Social Engineering 09:00
11. Direct Object Reference
2 videos
The direct object reference attack - do not leak implementation details 09:19

Direct object reference mitigations 04:55
12. IFrames
2 videos
IFrames come with their own security concerns 06:46

Sandboxing iframes 09:02
13. One last word
1 video
Wrapping up the OWASP top 10 list 07:42
14. PHP and MySQL Install And Set Up
6 videos
Installing PHP (Windows) 09:45

Enabling MySQL and using phpmyadmin (Windows) 03:04

Installing PHP (Mac) 11:55

Installing MySQL (Mac) 07:03

Using MySQL Workbench (Mac) 12:47

Getting PHP and MySQL to talk to each other (Mac) 01:06

Meet the Author

Loonycorn
4 Alumni of Stanford, IIM-A, IITs and Google, Microsoft, Flipkart

Loonycorn is a team of 4 people who graduated from reputed top universities. Janani Ravi, Vitthal Srinivasan, Swetha Kolalapudi and Navdeep Singh have spent years (decades, actually) working in the Tech sector across the world.

  • Janani: Graduated from Stanford and has worked for 7 years at Google (New York, Singapore). She also worked at Flipkart and Microsoft.
  • Vitthal: Studied at Stanford; worked at Google (Singapore), Flipkart, Credit Suisse, and INSEAD.
  • Swetha: An IIM Ahmedabad and IIT Madras alumnus with experience working at Flipkart.
  • Navdeep: An IIT Guwahati alumnus and longtime Flipkart employee.

Ratings and Reviews: 4.3/5