Web Security

Security is an increasingly important part of building modern web applications, but developers often fall victim to the pressure of tight deadlines. In this course, we'll get hands-on, from both the attacking and defending standpoints, and learn how to keep the baddies out.

Stage One State of Web App Security

Before we jump in, let's talk about the current state of Web Application security in comparison to the ops and infrastructure security world. We'll also look at the typical categories of attacks, and what we can do as developers to make sure we're not easy targets ourselves!

  • Duration: 90 minutes

Stage Two Client-Side Vulnerabilities

The ability for users to inject content into web pages is the root cause of a broad class of vulnerabilities, which can affect the experience of other users, and leak potentially useful information out to an attacker. We’ll conduct some attacks in a controlled environment, and then learn how to defend against them in our own web applications.

  • Duration: 225 minutes

Stage Three Server-Side Vulnerabilities

Attacks that cause a hosted application to operate in unexpected or unpredictable ways can result in private data leaking out through either HTTP responses or logs.

  • Duration: 115 minutes

Stage Four Network & Infrastructure Vulnerabilities

Even if we lock down our client and server sides, it's still our responsibility as developers to prevent users from getting into trouble when networks and certificates are tampered with.

  • Duration: 65 minutes