Web Security Foundations
About the course:
Description: The Web Security module is an introduction to the fundamental concepts of web security. Students will learn the mindset, discipline, and methods for securing a software project. The course is designed to be useful and accessible to application developers, QA testers, operations teams, and leaders who want to understand how to have conversations and make decisions about application security.
Objectives:
Introduction to Security.
Network Topologies.
Trust Boundaries, Input/Output Scrubbing, Resources, Authentication, Access Controls, OAuth.
Application Attack Vectors: privilege escalation, SQL, file uploads, XSS, CSRF.
Development Practices: SSH, SFTP, private keys, passwords, auth tokens.
Hosting Options and Security.
Network Stack - Deep Dive: protocol/OS attack vectors: DoS, failure to encrypt, SSL vulnerabilities.
Software Updates, Firewalls, Rate Limiting.
Security Standards: PII, SPI, HIPAA, PCI.
Encryption: data at rest, in transit, hashing/salting passwords.
Internal Attack Vectors: social engineering, phishing.
Security Community: OWASP, CVEs, WHID, VERIS, how to be watchful.
What to do if you get hacked.