One of the primary concerns for both the developers and users of web applications is security. With the increase in information sharing due to social networking and the massive adoption of the web as a means of conducting business and delivering services, web applications have become prime targets for malicious hackers to exploit. Given the value of “web properties,” the ability to protect these assets from malicious exploits has become a required tool in the software engineer’s tool belt.
In this course you will learn the most fundamental application-level security concepts. In addition, you will learn about the basic building blocks of security—encryption and cryptographic systems—along with how these can be used to build a sound user authentication system. More importantly, you will be able to use this knowledge to evaluate off-the-shelf authentication packages, and better understand the options they provide. You will learn about the SSL/HTTPS protocols, and how to enable them in your web applications to support encrypted communication between the browser and web server. You will also learn how to use authorization and access control in your web applications in order to ensure that users are only able to access the data they are entitled to view. Next, we will cover the most important types of attacks that your web applications will be exposed to, and we will describe how to guard against them.
Greg Heileman and Manel Martínez-Ramón