Security is an increasingly important part of building modern web applications, but developers often fall victim to the pressure of tight deadlines. In this course, we'll get hands on, both from the attacking and defending standpoint, and learn how to keep the baddies out.
Before we jump in, let's talk about the current state of Web Application security in comparison to the ops and infrastructure security world. We'll also look at the typical categories of attacks, and what we can do as developers to make sure we're not easy targets ourselves!
The ability for users to inject content into web pages is the root cause of a broad class of vulnerabilities, which can affect the experience of other users, and leak potentially useful information out to an attacker. We’ll conduct some attacks in a controlled environment, and then learn how to defend against them in our own web applications.
Attacks that cause a hosted application to operate in unexpected or unpredictable ways, can result in private data either leaking out through HTTP responses or logs.
Even if you lock down your client and server side, it's still our responsibility as developers to prevent users from getting into trouble when networks and certificates are tampered with.
