Web Security: Common Vulnerabilities And Their Mitigation

Course Curriculum

Chapter 1: You, This Course and Us

Lecture 1: You, This Course and Us

Lecture 2: Source Code and PDFs

Chapter 2: What Is Security?

Lecture 1: Security and its building blocks

Lecture 2: Security related definitions and categories

Chapter 3: Cross Site Scripting

Lecture 1: What is XSS?

Lecture 2: Learn by example – how does a XSS attack work?

Lecture 3: Types of XSS

Lecture 4: XSS mitigation and prevention

Chapter 4: User Input Sanitization And Validation

Lecture 1: Sanitizing input

Lecture 2: Sanitizing input – still not done

Lecture 3: Validating input

Lecture 4: Validating input – some more stuff to say

Lecture 5: Client Side Encoding, Blacklisting and Whitelisting inputs

Chapter 5: The Content Security Policy Header

Lecture 1: Rules for the browser

Lecture 2: Default directives and wildcards

Lecture 3: Stay away from inline code and the eval() function

Lecture 4: The nonce attribute and the script hash

Chapter 6: Credentials Management

Lecture 1: Broken authentication and session management

Lecture 2: All about passwords – Strength, Use and Transit

Lecture 3: All about passwords – Storage

Lecture 4: Learn by example – login authentication

Lecture 5: A little bit about hashing

Lecture 6: All about passwords – Recovery

Chapter 7: Session Management

Lecture 1: What is a session?

Lecture 2: Anatomy of a session attack

Lecture 3: Session hijacking – count the ways

Lecture 4: Learn by example – sessions without cookies

Lecture 5: Session ids using hidden form fields and cookies

Lecture 6: Session hijacking using session fixation

Lecture 7: Session hijacking counter measures

Lecture 8: Session hijacking – sidejacking, XSS and malware

Chapter 8: SQL Injection

Lecture 1: Who Is Bobby Tables?

Lecture 2: Learn by example – how does SQLi work?

Lecture 3: Anatomy of a SQLi attack – unsanitized input and server errors

Lecture 4: Anatomy of a SQLi attack – table names and column names

Lecture 5: Anatomy of a SQLi attack – getting valid credentials for the site

Lecture 6: Types of SQL injection

Lecture 7: SQLi mitigation – parameterized queries and stored procedures

Lecture 8: SQLi mitigation – Escaping user input, least privilege, whitelist validation

Chapter 9: Cross Site Request Forgery

Lecture 1: What is XSRF?

Lecture 2: Learn by example – XSRF with GET and POST parameters

Lecture 3: XSRF mitigation – The referer, origin header and the challenge response

Lecture 4: XSRF mitigation – The synchronizer token

Chapter 10: Lot's Of Interesting Bits Of Information

Lecture 1: The Open Web Application Security Project

Lecture 2: 2 factor authentications and OTPs

Lecture 3: Social Engineering

Chapter 11: Direct Object Reference

Lecture 1: The direct object reference attack – do not leak implementation details

Lecture 2: Direct object reference mitigations

Chapter 12: IFrames

Lecture 1: IFrames come with their own security concerns

Lecture 2: Sandboxing iframes

Chapter 13: One last word

Lecture 1: Wrapping up the OWASP top 10 list

Chapter 14: PHP and MySQL Install And Set Up

Lecture 1: Installing PHP (Windows)

Lecture 2: Enabling MySQL and using phpmyadmin (Windows)

Lecture 3: Installing PHP (Mac)

Lecture 4: Installing MySQL (Mac)

Lecture 5: Using MySQL Workbench (Mac)

Lecture 6: Getting PHP and MySQL to talk to each other (Mac)