Play by Play: Website Security Review with Troy Hunt and Lars Klint

Pluralsight
Course Summary
Learn to assess the security profile of your own web applications and identify security risks before attackers do.
Course Description
Frequently, the first thing a developer knows of a serious security flaw in their application is when it’s too late and it’s already been exploited. There’s a broad range of security risks and corresponding mitigations within web applications and it’s absolutely essential that developers learn how to identify these themselves. This course walks through a typical security review of an established web application and identifies which practices have been done well and then which ones could be improved. It’s a technology agnostic course – it doesn’t matter whether you work in ASP.NET or Node or PHP, this is all about the web and applies equally to all apps that run in the browser.
Course Syllabus
Secure Account Management - 47m 58s
—Introduction 0m 58s
—About the App - "Falling Into the Pit of Success" 1m 36s
—Account Management 3m 14s
—Security in a Box... Not 2m 43s
—HTTP: Start There and Stay There 0m 44s
—Grading Your HTTPS Configuration 2m 26s
—HTTP Strict Transport Security 4m 6s
—Preventing Account Enumeration 6m 59s
—Brute Force Attacks, Throttling, and Account Lockout 6m 48s
—Third-party Identity Providers 0m 53s
—Password Strength 2m 8s
—Password Validation 4m 34s
—Anti-automation (AKA Captcha) 5m 22s
—Multiple Simultaneous Logins 4m 41s
—Summary 0m 39s
Patterns of Good Web Security - 54m 25s
—The OWASP Top 10 5m 6s
—Injection 4m 36s
—Broken Authentication and Session Management 11m 32s
—Cross-Site Scripting (XSS) 12m 10s
—Insecure Direct Object References 4m 53s
—Overlay Information Response Headers 3m 33s
—X-Frame-Options 2m 41s
—Cross-Site Request Forgery (CSRF) 4m 23s
—Automated Security Scanning 4m 0s
—Final Thoughts/Conclusion 1m 27s