Web Security: Common Vulnerabilities And Their Mitigation

Web Security: Common Vulnerabilities And Their Mitigation

by Loonycorn
Released October 2017
Publisher(s): Packt Publishing
ISBN: 9781788835077

Read it now on the O’Reilly learning platform with a 10-day free trial.

O’Reilly members get unlimited access to books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Video description

Coat your website with armor, protect yourself against the most common threats and vulnerabilities. Understand, with examples, how common security attacks work and how to mitigate them. Learn secure practices to keep your website users safe. Let's parse that. How do common security attacks work?: This course walks you through an entire range of web application security attacks, XSS, XSRF, Session Hijacking, Direct Object Reference and a whole lot more. How do we mitigate them?: Mitigating security risks is a web developer's core job. Learn by example how you can prevent script injection, use secure tokens to mitigate XSRF, manage sessions and cookies, sanitize and validate input, manage credentials safely using hashing and encryption etc. What secure practices to follow?: See what modern browsers have to offer for protection and risk mitigation, how you can limit the surface area you expose in your site.

What You Will Learn

  • Understand how common web security attacks work
  • Know how to write code which mitigates security risks
  • Implement secure coding practices to reduce vulnerabilities

Audience

The following audience will benefit from this course: - Students who have some experience in web programming and understand basic browser concepts, students who are beginners and have never done any web programming.

About The Author

Loonycorn: Janani Ravi is a certified Google Cloud Architect and Data Engineer. She has earned her master's degree in electrical engineering from Stanford. She is currently in Loonycorn, a technical video content studio, of which she is a cofounder. Prior to co-founding Loonycorn, she worked at various leading companies, such as Google and Microsoft, for several years as a software engineer.

Table of contents

  1. Chapter 1 : You, This Course and Us
    1. You, This Course and Us
  2. Chapter 2 : What Is Security?
    1. Security and its building blocks
    2. Security related definitions and categories
  3. Chapter 3 : Cross Site Scripting
    1. What is XSS?
    2. Learn by example - how does a XSS attack work?
    3. Types of XSS
    4. XSS mitigation and prevention
  4. Chapter 4 : User Input Sanitization And Validation
    1. Sanitizing input
    2. Sanitizing input - still not done
    3. Validating input
    4. Validating input - some more stuff to say
    5. Client Side Encoding, Blacklisting and Whitelisting inputs
  5. Chapter 5 : The Content Security Policy Header
    1. Rules for the browser
    2. Default directives and wildcards
    3. Stay away from inline code and the eval() function
    4. The nonce attribute and the script hash
  6. Chapter 6 : Credentials Management
    1. Broken authentication and session management
    2. All about passwords - Strength, Use and Transit
    3. All about passwords – Storage
    4. Learn by example - login authentication
    5. A little bit about hashing
    6. All about passwords – Recovery
  7. Chapter 7 : Session Management
    1. What is a session?
    2. Anatomy of a session attack
    3. Session hijacking - count the ways
    4. Learn by example - sessions without cookies
    5. Session ids using hidden form fields and cookies
    6. Session hijacking using session fixation
    7. Session hijacking counter measures
    8. Session hijacking - sidejacking, XSS and malware
  8. Chapter 8 : SQL Injection
    1. Who Is Bobby Tables?
    2. Learn by example - how does SQLi work?
    3. Anatomy of a SQLi attack - unsanitized input and server errors
    4. Anatomy of a SQLi attack - table names and column names
    5. Anatomy of a SQLi attack - getting valid credentials for the site
    6. Types of SQL injection
    7. SQLi mitigation - parameterized queries and stored procedures
    8. SQLi mitigation - Escaping user input, least privilege, whitelist validation
  9. Chapter 9 : Cross Site Request Forgery
    1. What is XSRF?
    2. Learn by example - XSRF with GET and POST parameters
    3. XSRF mitigation - The referer, origin header and the challenge response
    4. XSRF mitigation - The synchronizer token
  10. Chapter 10 : Lot's Of Interesting Bits Of Information
    1. The Open Web Application Security Project
    2. 2 factor authentications and OTPs
    3. Social Engineering
  11. Chapter 11 : Direct Object Reference
    1. The direct object reference attack - do not leak implementation details
    2. Direct object reference mitigations
  12. Chapter 12 : Iframes
    1. IFrames come with their own security concerns
    2. Sandboxing iframes
  13. Chapter 13 : One last word
    1. Wrapping up the OWASP top 10 list
  14. Chapter 14 : One last word
    1. Installing PHP (Windows)
    2. Enabling MySQL and using phpmyadmin (Windows)
    3. Installing PHP (Mac)
    4. Installing MySQL (Mac)
    5. Using MySQL Workbench (Mac)
    6. Getting PHP and MySQL to talk to each other (Mac)

Product information

  • Title: Web Security: Common Vulnerabilities And Their Mitigation
  • Author(s): Loonycorn
  • Release date: October 2017
  • Publisher(s): Packt Publishing
  • ISBN: 9781788835077