Web Security Fundamentals

Prerequisites : Understanding of basic web technologies (HTTP, HTML, JS, …)

Week 1: Is security an illusion?
Introduction to the web security landscape, and an overview of the most relevant threats. Understanding the security model of the web, and the recent evolution towards client-centric security.

Week 2: Securing the communication channel
Understanding the dangers of an insecure communication channel. Practical advice on deploying HTTPS, and dealing with the impact on your application. Insights into the latest evolutions for HTTPS deployments.

Week 3: Preventing unauthorized access
Understanding the interplay between authentication, authorization and session management. Practical ways to secure the authentication process, prevent authorization bypasses and harden session management mechanisms.

Week 4: Securely Handling untrusted data
Investigation of injection attacks over time. Understanding the cause behind both server-side and client-side injection attacks. Execution of common injection attacks, and implementation of various defenses.

Week 5: Conclusion
Putting the contents of this course into perspective, and relating it back to the most relevant threats from the introduction. Overview of current best practices for building secure web applications.