🔐

Web Security

Defensive security across the stack — XSS, auth, crypto, and application security.

Curriculum · 122 lessons

01Authentication vs Authorizationintro3m 02Symmetric versus Asymmetric Encryptionintro4m 03The IAM Roles and Policiesintro4m 04Cross Site Scripting XSSintro4m 05Role Based Access Controlintro4m 06The Symmetric Encryption AESintro4m 07Cross Site Request Forgery CSRFintro4m 08Zero Trust Architectureintro5m 09XML External Entity Preventionintro4m 10The TLS Handshake in Depthintro5m 11The OWASP Top Ten Overviewintro4m 12The Asymmetric RSAintro4m 13Insecure Direct Object References IDORintro4m 14HttpOnly And Secure Cookie Flagsintro4m 15Path Traversal Preventionintro4m 16The Least Privilege in Cloudintro4m 17The AES Block Cipherintro4m 18The Hashing SHA Familyintro4m 19HTTP Security Headersintro4m 20Multi Factor Authenticationintro4m 21The Security Headers Checklistintro4m 22Certificate Pinningintro4m 23The Secrets Manager and KMSintro5m 24Clickjacking and Frame Optionscore4m 25Secure Cookie Attributes Revisitedcore4m 26Security Misconfigurationcore4m 27Hashing versus Encryptioncore4m 28VPN and Tunnel Securitycore4m 29Dependency Vulnerability Scanningcore5m 30Rate Limiting as a Defensecore4m 31Session Fixation Preventioncore4m 32The Principle Of Least Privilegecore4m 33Dependency Scanningcore4m 34Open Redirect Preventioncore4m 35The Man in the Middle Threat Modelcore5m 36Secrets Management in Appscore5m 37The Salting And Pepperingcore4m 38SQL injection & parameterizationcore5m 39The Path Traversal Attackcore5m 40Defense In Depthcore4m 41Security Logging and Monitoringcore5m 42Same Site Cookiescore5m 43Cipher Modes and the Initialization Vectorcore5m 44DNS Security and DNSSECcore5m 45The HMAC For Integritycore4m 46HMAC Message Authenticationcore4m 47Network Segmentationcore4m 48JSON Web Tokenscore5m 49Server Side Request Forgery SSRFcore5m 50Command Injection Preventioncore5m 51Salting and Peppering Passwordscore5m 52SQL Injection Preventioncore5m 53The Block Cipher Modescore5m 54The Container Image Scanningcore5m 55OAuth Scopes And Consentcore5m 56Logging And Audit Trailscore5m 57The Random Number Generator and Entropycore5m 58The CSRF Token Defensecore5m 59Secrets Managementcore5m 60Content Security Policy Headerscore5m 61API Authorization Checkscore5m 62Key Derivation Functionscore5m 63Mutual TLS Authenticationcore5m 64The Password Hashing Bcrypt Argon2core5m 65The Security Groups and NACLscore5m 66The Pod Security Standardscore5m 67Subresource Integritycore5m 68Mass Assignment Protectioncore5m 69The Certificate Chain of Trustcore5m 70Cross Site Scripting Typescore5m 71The Certificate Authoritiescore5m 72Password Hashing With bcryptcore5m 73Brute Force and Credential Stuffing Defensecore5m 74Attribute Based Access Controlcore5m 75Server Side Template Injection Defensecore5m 76Single Sign On with SAMLcore5m 77The Elliptic Curve Cryptocore5m 78The VPC Isolation Securitycore5m 79Regular Expression Denial Of Service Preventioncore5m 80Authenticated Encryption with GCMcore5m 81Key Rotationcore5m 82OpenID Connectcore5m 83The Runtime Container Securitycore5m 84Refresh Token Rotationcore5m 85Prototype Pollution Defensecore5m 86Digital Signaturescore5m 87The Kubernetes RBACcore5m 88Security Of File Uploadscore6m 89Server Side Request Forgerycore5m 90The Key Derivation Functionscore5m 91The OAuth Authorization Code Flowcore6m 92The Network Policies in Kubernetescore5m 93The PKCE Extensioncore6m 94The Compliance and Benchmarks CIScore5m 95Encryption At Rest Vs In Transitadvanced5m 96Elliptic Curve Cryptography Basicsadvanced5m 97Token Introspection and Revocationadvanced5m 98Threat Modeling Basicsadvanced5m 99Secure Defaults And Hardeningadvanced5m 100Constant Time Comparisonadvanced5m 101The Digital Signaturesadvanced5m 102Input Validation And Allowlistsadvanced5m 103Dependency And Supply Chain Hygieneadvanced6m 104The Random Number Generation Cryptoadvanced5m 105The Cloud Audit Loggingadvanced6m 106TLS Certificates And Chains Of Trustadvanced5m 107Insecure Deserializationadvanced5m 108WebAuthn And Passkeysadvanced6m 109Time Of Check To Time Of Use Racesadvanced6m 110Nonce Reuse Dangersadvanced5m 111JWT Signature Verification Pitfallsadvanced5m 112The Supply Chain Security SBOMadvanced6m 113Incident Response Basicsadvanced6m 114Secure Session Managementadvanced6m 115Supply Chain Attacksadvanced6m 116Envelope Encryptionadvanced6m 117Business Logic Flaw Reviewadvanced6m 118Rate Limiting and Account Lockout Policyadvanced5m 119The Threat Modeling Processadvanced6m 120The Forward Secrecy In Practiceadvanced5m 121The Infrastructure as Code Scanningadvanced6m 122The Secure Software Development Lifecycleadvanced6m