Introduction to Browser Security Headers

Pluralsight
Course Summary
Browser security headers provide a means for websites to describe how they should behave when loaded into the client. By specifying expected and allowable behaviors, security headers can thwart a number of otherwise serious attacks against websites.
Course Description
Security is all about defense in depth: applying layer upon layer of security controls such that any one single failure does not lead to a compromise of the application. One of those layers is the browser itself, which is becoming increasingly intelligent when it comes to implementing defenses. Security headers are a way of telling the browser how a website may behave when it’s loaded into the client. They provide numerous defenses against a variety of attacks in ways that have not previously been possible with security controls that ran solely on the server. In this course, we’ll walk through a number of essential security headers that provide even greater levels of defense for web applications. We’ll look at how they’re intended to work, what attacks they protect against, and how you can easily implement them in your website.
Course Syllabus
Understanding Browser Security Headers- 27m 34s
—Overview 2m 14s
—Security Threats in a Web World 3m 50s
—Things the Server Can’t Control 2m 45s
—Understanding Headers 5m 7s
—How Browsers Handle Response Headers 4m 44s
—Non-standard and Browser Prefixed Headers 3m 5s
—Current Utilization of Browser Security Headers 3m 45s
—Summary 2m 1s
HTTP Strict Transport Security (HSTS)- 34m 28s
—Overview 2m 46s
—Understanding the Problem that HSTS Solves 4m 35s
—Understanding HSTS 7m 13s
—The max-age Directive 4m 27s
—The includeSubdomains Keyword 3m 45s
—The preload Keyword 8m 26s
—Browser Compatibility 1m 22s
—Summary 1m 49s
HTTP Public Key Pinning (HPKP)- 38m 10s
Content Security Policy (CSP)- 59m 34s
Tools for Working with Browser Headers- 25m 11s
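The HSTS module above covers the max-age directive, the includeSubDomains keyword and the preload keyword. As an added example (not code from the course or from Pluralsight), the following script models what a browser does with that header: it parses a Strict-Transport-Security value as described in RFC 6797, refuses to honour it over plain HTTP, keeps a "known HSTS hosts" store with expiry, and decides whether a later http:// request must be upgraded, including the subdomain case. The preload-eligibility thresholds (max-age of at least one year, includeSubDomains and preload both present) are an assumption based on the current hstspreload.org submission requirements; the host names and clock values are constructed for the demo.

```javascript
// Added example: a minimal model of browser-side HSTS handling (RFC 6797).
// Not part of the Pluralsight course; thresholds and sample data are assumptions.

// Parse a Strict-Transport-Security header value into a policy object.
// Returns null when the value is invalid (missing or repeated max-age,
// non-numeric max-age). Unknown directives are ignored, as the RFC requires.
function parseHsts(headerValue) {
  const policy = { maxAge: null, includeSubDomains: false, preload: false };
  for (const rawDirective of headerValue.split(';')) {
    const directive = rawDirective.trim();
    if (directive === '') continue;
    const eq = directive.indexOf('=');
    const name = (eq === -1 ? directive : directive.slice(0, eq)).trim().toLowerCase();
    // Directive values may be quoted-strings; strip the quotes.
    const value = eq === -1 ? null : directive.slice(eq + 1).trim().replace(/^"(.*)"$/, '$1');
    if (name === 'max-age') {
      if (policy.maxAge !== null || value === null || !/^\d+$/.test(value)) return null;
      policy.maxAge = Number(value);
    } else if (name === 'includesubdomains') {
      policy.includeSubDomains = true;
    } else if (name === 'preload') {
      policy.preload = true;
    }
  }
  if (policy.maxAge === null) return null; // max-age is mandatory
  return policy;
}

// The browser's "known HSTS hosts" list: host -> { expires, includeSubDomains }.
class HstsStore {
  constructor() {
    this.hosts = new Map();
  }

  // Process a response. RFC 6797 section 8.1: the header is only honoured when the
  // response arrived over a secure transport; over plain HTTP an on-path attacker
  // could otherwise set (or clear) the policy.
  processResponse(host, secureTransport, headerValue, nowSeconds) {
    if (!secureTransport) return false;
    const policy = parseHsts(headerValue);
    if (policy === null) return false;
    host = host.toLowerCase();
    if (policy.maxAge === 0) {
      // max-age=0 instructs the browser to forget the host.
      this.hosts.delete(host);
      return true;
    }
    this.hosts.set(host, {
      expires: nowSeconds + policy.maxAge,
      includeSubDomains: policy.includeSubDomains,
    });
    return true;
  }

  // Must a plain http:// request to `host` be rewritten to https://?
  // Checks the host itself, then each parent domain; a parent entry only
  // applies when it was stored with includeSubDomains. Expired entries are dropped.
  shouldUpgrade(host, nowSeconds) {
    const labels = host.toLowerCase().split('.');
    for (let i = 0; i < labels.length; i++) {
      const candidate = labels.slice(i).join('.');
      const entry = this.hosts.get(candidate);
      if (!entry) continue;
      if (entry.expires <= nowSeconds) {
        this.hosts.delete(candidate);
        continue;
      }
      if (i === 0 || entry.includeSubDomains) return true;
    }
    return false;
  }
}

// Assumed hstspreload.org requirements: one year max-age, includeSubDomains, preload.
const PRELOAD_MIN_MAX_AGE = 31536000;
function preloadEligible(headerValue) {
  const p = parseHsts(headerValue);
  return p !== null && p.maxAge >= PRELOAD_MIN_MAX_AGE && p.includeSubDomains && p.preload;
}

// Walk-through on constructed data (hostname and clock are made up for the demo).
function demo() {
  const store = new HstsStore();
  const t0 = 1700000000; // constructed clock, in seconds
  // Same header over plain HTTP: must be ignored.
  const ignoredOverHttp = !store.processResponse('example.com', false, 'max-age=31536000', t0);
  store.processResponse('example.com', true, 'max-age=31536000; includeSubDomains; preload', t0);
  return {
    ignoredOverHttp,
    upgradesApex: store.shouldUpgrade('example.com', t0 + 10),
    upgradesSub: store.shouldUpgrade('www.example.com', t0 + 10),
    upgradesAfterExpiry: store.shouldUpgrade('example.com', t0 + 31536000 + 1),
  };
}

console.log(demo());
```

The two checks a practitioner usually wants when rolling out HSTS are visible in `demo()`: the policy is learned only from an HTTPS response, and a long max-age means the browser will keep upgrading requests for a year after the header was last seen, so a site should start with a short max-age before committing to the value the preload list requires.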