Web Security

Security is an increasingly important part of building modern web applications, but developers often fall victim to the pressure of tight deadlines. In this course, we'll get hands on, both from the attacking and defending standpoint, and learn how to keep the baddies out.

Web Security

Network & Infrastructure Vulnerabilities

Even if you lock down your client and server side, it's still our responsibility as developers to prevent users from getting into trouble when networks and certificates are tampered with.

  • Network & Infrastructure VulnerabilitiesMan-in-the-middle attacks, HTTPS and HSTS

    There's a good reason that the entire internet is moving toward HTTPS: it is exceedingly easy to observe and tamper with plain HTTP traffic. However, HTTPS is not enough! We'll look at HTTP Strict Transport Security headers, and how we can save users from themselves.

  • Network & Infrastructure VulnerabilitiesSubresource Integrity (SRI)

    What would happen if someone tampered with your CDN? Subresource Integrity (SRI) protects us from problems caused by tampered CDN, even when everything else fails. We'll look at how an attack could be staged, and how SRI would save our users.

  • Network & Infrastructure VulnerabilitiesWrap up and Recap

    We'll recap everything we've covered, and provide references for further reading and learning.