Gain insights into enforcing web app security best practices, such as HTTPS, defending against XSS and clickjacking, managing HTTP cookies, and warding off DDoS attacks.

new.tar.gz

node

cookies

hsts

hsts-https

cookies-https

clickjacking

cors

There are more vulnerabilities than ever when creating applications for the web, so it is extremely important that software developers enforce security best practices such as, how to add protection through HTTP headers.

In this course, you will start off by learning how to prevent fraudulent SSL certificates from being served to clients, before moving on to how to defend against XSS attacks and clickjacking. 

In the latter half of the course, you’ll learn security practices related to HTTP cookies, and tips around security tradeoffs that you’ll make in your day-to-day work. Towards the end, you’ll learn how to ward off DDoS attacks, which is crucial when your application scales.

This course will demystify web security, and help you stay on top of important security-related concerns in your web apps.

Web Application Security for the Everyday Software Engineer

## The Open Web Application Security Project
Truth to be told, I would strongly recommend you visit the OWASP website
and find out what they have to say:

* OWASP Cheat Sheet Series (https://cheatsheetseries.owasp.org): a collection of brief practical information. You can find articles about how to harden Docker containers or in what form passwords be should stored. It is a technical and comprehensive list of guides that inspired the practical approach used in this chapter of this course.
* OWASP Developer Guide (https://github.com/OWASP/DevGuide): a guide on how to build secure applications. It is slowly being rewritten (the original version was published in 2005) but most of the content is still very useful.
* OWASP Testing Guide (https://www.owasp.org/index.php/OWASP_Testing_Guide_v4_Table_of_Contents): on how to test for security holes.

These are three very informative guides that should help you infuse resistance against attacks across your architecture; I'd strongly suggest going through them at some point in time. The Cheat Sheet Series, in particular, is extremely recommended.

---
We'll conclude this chapter with the next lesson.


# The Open Web Application Security Project
Truth to be told, I would strongly recommend you visit the OWASP website
and find out what they have to say:

* OWASP Cheat Sheet Series (https://cheatsheetseries.owasp.org): a collection of brief practical information. You can find articles about how to harden Docker containers or in what form passwords be should stored. It is a technical and comprehensive list of guides that inspired the practical approach used in this chapter of this course.
* OWASP Developer Guide (https://github.com/OWASP/DevGuide): a guide on how to build secure applications. It is slowly being rewritten (the original version was published in 2005) but most of the content is still very useful.
* OWASP Testing Guide (https://www.owasp.org/index.php/OWASP_Testing_Guide_v4_Table_of_Contents): on how to test for security holes.

These are three very informative guides that should help you infuse resistance against attacks across your architecture; I'd strongly suggest going through them at some point in time. The Cheat Sheet Series, in particular, is extremely recommended.

---
We'll conclude this chapter with the next lesson.


In this lesson, we'll learn about the Open Web Application Security Project.

Introduction

Understanding The Browser

HTTP

Protection through HTTP Headers

HTTP Cookies

Situationals

DDoS Attacks

Bug Bounty Programs

Conclusion

Deploy an API to Production Using Nginx

OWASP

The Open Web Application Security Project