Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

egghead.io

Web Security Essentials: MITM, CSRF, and XSS

via egghead.io

Overview

As developers, we have a responsibility to protect the data our users trust us with. No one wants to wake up to the news that their site was hacked and all of the user accounts stolen.
Security is important, yet it is often overlooked and forgotten.
Part of the reason for this is that security seems hard to get right. This results in developers crossing their fingers and hoping for the best.
In this course, you'll learn how to protect your application by learning how to attack it.
Start your journey into web security today!
Check out these community notes for this course on Github.

Syllabus

  • Course Overview: Web Security Essentials
  • Simulate Man in the Middle Attacks and Inspect Network Traffic with Charles Proxy
  • Add https to a Localhost Express App to Prevent MITM Attacks
  • Redirect All HTTP Traffic to HTTPS in Express to Ensure All Responses are Secure
  • Set the Secure Cookie Flag to Ensure Cookies are Only Sent Over Secure Connections
  • Add HSTS Headers to Express Apps to Ensure All Requests are https Requests
  • Create a Proof of Concept Exploit of a CSRF Vulnerable Website
  • Mitigate CSRF Attacks by Setting the SameSite Cookie Flag in Express
  • Add CSRF Token Middleware to an Express Server to Mitigate CSRF
  • Make an XSS Payload to Read a Cookie from a Vulnerable Website
  • Set the httpOnly Cookie Flag in Express to Ensure Cookies are Inaccessible from JavaScript
  • Make an XSS Payload to Read document.body from a Vulnerable Website
  • Prevent Inline Script Execution by Implementing Script-Src CSP Headers in Express
  • Read Document Content from a Vulnerable Website via Script Tag Injection in an XSS Payload
  • Add a Nonce Based script-src Header in Express to Only Allow Scripts that Match the Nonce
  • Prompt Users for Credentials from a Vulnerable Website via iframe Injection
  • Add a default-src CSP Header in Express to Enforce an Allowlist and Mitigate XSS

Taught by

Mike Sherov

Reviews

Start your review of Web Security Essentials: MITM, CSRF, and XSS

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.