Web Security: Common Vulnerabilities And Their Mitigation
You, This Course and Us
You, This Course and Us (1:49)
What Is Security?
Security and its building blocks (13:41)
Security related definitions and categories (10:12)
Cross Site Scripting
What is XSS? (12:59)
Learn by example - how does a XSS attack work? (13:06)
Types of XSS (12:59)
XSS mitigation and prevention (11:15)
User Input Sanitization And Validation
Sanitizing input (12:09)
Sanitizing input - still not done (8:10)
Validating input (14:07)
Validating input - some more stuff to say (9:16)
Client Side Encoding, Blacklisting and Whitelisting inputs (7:03)
The Content Security Policy Header
Rules for the browser (11:23)
Default directives and wildcards (8:40)
Stay away from inline code and the eval() function (8:13)
The nonce attribute and the script hash (11:27)
Credentials Management
Broken authentication and session management (3:05)
All about passwords - Strength, Use and Transit (5:24)
All about passwords - Storage (13:17)
Learn by example - login authentication (10:29)
A little bit about hashing (10:34)
All about passwords - Recovery (14:25)
Session Management
What is a session? (6:21)
Anatomy of a session attack (6:34)
Session hijacking - count the ways (4:53)
Learn by example - sessions without cookies (14:40)
Session ids using hidden form fields and cookies (4:08)
Session hijacking using session fixation (8:09)
Session hijacking countermeasures (3:58)
Session hijacking - sidejacking, XSS and malware (3:10)
SQL Injection
Who Is Bobby Tables? (5:17)
Learn by example - how does SQLi work? (9:26)
Anatomy of a SQLi attack - unsanitized input and server errors (8:42)
Anatomy of a SQLi attack - table names and column names (6:19)
Anatomy of a SQLi attack - getting valid credentials for the site (5:23)
Types of SQL injection (8:09)
SQLi mitigation - parameterized queries and stored procedures (7:47)
SQLi mitigation - Escaping user input, least privilege, whitelist validation (6:33)
Cross Site Request Forgery
What is XSRF? (10:00)
Learn by example - XSRF with GET and POST parameters (7:25)
XSRF mitigation - The referer, origin header and the challenge response (5:47)
XSRF mitigation - The synchronizer token (9:13)
Lots Of Interesting Bits Of Information
The Open Web Application Security Project (8:10)
2 factor authentication and OTPs (11:04)
Social Engineering (9:00)
Direct Object Reference
The direct object reference attack - do not leak implementation details (9:19)
Direct object reference mitigations (4:55)
IFrames
IFrames come with their own security concerns (6:46)
Sandboxing iframes (9:02)
One last word
Wrapping up the OWASP top 10 list (7:42)
PHP and MySQL Install And Set Up
Installing PHP (Windows) (9:45)
Enabling MySQL and using phpmyadmin (Windows) (3:05)
Installing PHP (Mac) (11:55)
Installing MySQL (Mac) (7:03)
Using MySQL Workbench (Mac) (12:47)
Getting PHP and MySQL to talk to each other (Mac) (1:06)