Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

KU Leuven University

Web Security Fundamentals

KU Leuven University via edX


Web applications are inherently insecure, as aptly illustrated by a pile of recent events. Insecurity is however not fundamental to the web platform. As a matter of fact, the modern web offers a variety of powerful security features that help stop a hacker. Unfortunately, not many developers have the knowledge and skills to leverage these security features to their full potential.

This course is imperative for understanding the fundamental security principles of the web. The course provides an overview of the most common attacks, and illustrates fundamental countermeasures that every web application should implement. In essence, this course offers you the knowledge and skills to build better and more secure applications.

This MOOC will introduce you to the web security landscape. Throughout the course, you will gain insights into the threats that modern web applications face. You’ll build an understanding of common attacks and their countermeasures; not only in theory, but also in practice. You’ll be provided with an overview of current best practices to secure web applications

Although no previous security knowledge is necessary to join this course, it will help to be familiar with the basic concepts behind web applications, including HTTP, HTML, and JavaScript.


Week 1: Is security an illusion?

Introduction to the web security landscape, and an overview of the most relevant threats. Understanding the security model of the web, and the recent evolution towards client-centric security.

Week 2: Securing the communication channel
Understanding the dangers of an insecure communication channel. Practical advice on deploying HTTPS, and dealing with the impact on your application. Insights into the latest evolutions for HTTPS deployments.

Week 3: Preventing unauthorized access
Understanding the interplay between authentication, authorization and session management. Practical ways to secure the authentication process, prevent authorization bypasses and harden session management mechanisms.

Week 4: Securely Handling untrusted data
Investigation of injection attacks over time. Understanding the cause behind both server-side and client-side injection attacks. Execution of common injection attacks, and implementation of various defenses.

Week 5: Conclusion
Putting the contents of this course into perspective, and relating it back to the most relevant threats from the introduction. Overview of current best practices for building secure web applications.

Taught by

Philippe De Ryck


4.2 rating, based on 21 Class Central reviews

Start your review of Web Security Fundamentals

  • Richard Hornsby
    TL;DR: Overall, I strongly recommend this course to web application developers and their ops/security partners. The course doesn't simply present a bunch of major weaknesses in web apps and then throw up its hands, but rather presents each vector in…
  • Anonymous
    An absolutely challenging course. It is longer that it seems at the beginning because you have to deep into the related material and the links provided in the extended information to fully understand the concepts. The labs are well planned and help to further understanding. The questions are more difficult than other courses in edX because you have to think and understand the concepts rather than memorize the theory. Finally, the profesor is an especialist and passionate of his job and transmits this passion and knowledge to the students. This course is a "must do" to every web developer and also for system administrators.
  • Anonymous
    This is one of the highest quality courses I'm taking on edX both teaching-wise as well as excellent video, sound, and slide quality. Even though not all of the material might be news for web developers, I gained valuable insights and it also motivated and gave me the right tools and starting points to dive deeper into certain topics. The interviews with industry pros were a great addition.
  • Anonymous
    The course lectures are NOT concise OR well prepared. Especially disliked the lab sessions giving hands-on experience with different security concepts, as well as guest interviews. The tests are way easy and composed in a way that promotes regurgitation of the material. Poor professionally crafted course!
  • Anonymous
    This course really covers a lot of security issues, and trying them yourself and how to fix them.

    It's really clear that there was a lot of effort put in this course, from the beginning to the end.

    I really recommend this course, and I'm happy that I found and took it.
  • Anonymous
    I don't know about the other reviewers, but this course was very different than I expected. It went too fast and was too hard!
  • Anonymous
    Awesome course. Useful info for any developer.
    This course forced me to review all my code / apps.
    Thank you Philippe :)
  • Anonymous
    This course is sadly still very relevant today and still captures the issues that are prevalent on the modern web in late 2019. I cruised through the video lectures and lab sessions and could only stop now and then to apply my newfound knowledge to some real world exercise. The exercises in the lab sessions are very well done and will respectfully hold your hand in the start but will soon give you the freedom to let you try to figure out how to attack and and fix stuff by yourself. I am very glad to have completed this course!
  • Ravi Kant Gupta
    This course covers a lot of areas related to web security and guides step by step the common mistakes and ramifications in securing web application. A well-organized lab for many of the sessions helps in understanding the issues practically.
    It also provides a good overview of the latest changes in the ecosystem to make applications more secure. It's a must do for all the developers who are interested in building secure applications.
  • Anonymous
    thank you for making this course .this is one of the best courses i have taken on web security they teach every thing from basic to high level in a great way in the beginning it may seem slow but this course has a lot of content which helps you to start your carrer . the labs are also great i really enjoyed this course .
  • Anonymous
    The course lectures are concise and well prepared. Especially enjoyed the lab sessions giving hands-on experience with different security concepts, as well as guest interviews. The tests are not easy and composed in a way that promotes deeper understanding of the material. Great professionally crafted course!
  • Anonymous
    TL;DR: Overall, I don't recommend this course to web application developers and their ops/security partners. The course presents a bunch of major weaknesses in web apps and then throws up its hands, and doesn't present each vector in detail to show you how to mitigate or eliminate the problem.
  • Very challenging (for me at least) but it was an excellent course. I was never taught a lot of this stuff in school (either for Undergrad or Master's) so I'm glad I took this course. I think it contains a lot of essential information for web developers. I highly recommend it.
  • Simply excellent!!!. In my opinion, this is one of the best MOCs I have ever studied. Maybe, some of the tests were a bit tricky on some occasions. Honestly, I had not much time free, however, it was so interesting that I had not any doubt to go ahead and finish it.
  • Profile image for Jader Santos
    Jader Santos
    The course is really useful for everyone who develops web applications. Only with video classes one can easily forget the true nature of a security breach, but this course comes with the pratical labs that consolidate the learning.
  • Anonymous
    A must do. A high quality course completed with very challenging questions and exams. They forces you to reflect, study and deeply grasp the material. Topics, data and materials are really recent and up to date.
  • Anonymous
    Very well explained and presented class about major security OWASP aspects of Internet communication. it is opening the path to more advanced topics. Thank you Phillippe, well done.
  • Bob
    I spent lots of time and energies on this course, but the lessons were not clear, and I couldn't follow anything. My effort was there, but this just was poorly designed!
  • Anonymous
    This course is so informative and useful. It keeps me watching it continuously. It deserves a 5-star. Well done and keep up with the good work.
  • Anonymous
    Excellent, well-structured course. Very usefull course, covering all the actual web security issues and how to deal with them. Thanks

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.