Web Application Security for the Everyday Software Engineer

Gain insights into enforcing web app security best practices, such as HTTPS, defending against XSS and clickjacking, managing HTTP cookies, and warding off DDoS attacks.

Intermediate

72 Lessons

Certificate of Completion

Gain insights into enforcing web app security best practices, such as HTTPS, defending against XSS and clickjacking, managing HTTP cookies, and warding off DDoS attacks.

AI-POWERED

Explanations

AI-POWERED

Explanations

This course includes

12 Playgrounds

7 Quizzes

This course includes

12 Playgrounds

7 Quizzes

Course Overview

There are more vulnerabilities than ever when creating applications for the web, so it is extremely important that software developers enforce security best practices such as, how to add protection through HTTP headers. In this course, you will start off by learning how to prevent fraudulent SSL certificates from being served to clients, before moving on to how to defend against XSS attacks and clickjacking. In the latter half of the course, you’ll learn security practices related to HTTP cookies, and ti...Show More

Course Content

Introduction

Get familiar with essential web app security practices, audience focus, formatting, and future content.

Introduction to the Course

Who This Course Is For?Formatting Errata and Additional Content

Understanding The Browser

Look at browser mechanics to understand functionality, security, and development tools.

Browser Basics What Does a Browser Do?Vendors

A Browser for Developers Quiz Yourself on Browsers

HTTP

Break apart HTTP's mechanisms, security enhancements, and essential distinctions for secure communication.

Introduction to HTTP How HTTP Works Mechanics: HTTP vs HTTPS vs H2 Mechanics: Encryption HTTPS Everywhere GET vs POST Quiz Yourself on HTTP

Protection through HTTP Headers

Find out about enhancing web security through various HTTP headers and their practical applications.

HTTP Strict Transport Security HTTP Public Key Pinning Expect-CT

X-Frame-Options Content-Security-Policy X-XSS-Protection Feature-Policy X-Content-Type-Options Cross Origin Resource Sharing X-Permitted-Cross-Domain-Policies & Referrer-Policy The reporting API Quiz Yourself on HTTP Headers

HTTP Cookies

Map out the steps for understanding, implementing, and securing HTTP cookies in web development.

Introduction HTTP Cookies What's Behind a Cookie?Session and Persistent Cookies Host-only Supercookies Encrypt it Or Forget it JavaScript Can't Touch This SameSite: The CSRF Killer Alternatives Conclusion: What Would LeBron Do?Quiz Yourself on HTTP Cookies

Situationals

16 Lessons

Focus on making security-focused decisions in software engineering to enhance web app protection.

DDoS Attacks

7 Lessons

Build on understanding DDoS attacks, their mechanics, real-world examples, and mitigation strategies.

Bug Bounty Programs

7 Lessons

Learn how to use bug bounty programs to enhance software security through ethical collaboration.

Conclusion

3 Lessons

Get started with viewing security as an ongoing journey, future-proofing updates, and community appreciation.

Course Author

Trusted by 1.4 million developers working at companies

Anthony Walker

@_webarchitect_

Emma Bostian 🐞

@EmmaBostian

Evan Dunbar

ML Engineer

Carlos Matias La Borde

Software Developer

Souvik Kundu

Front-end Developer

Vinay Krishnaiah

Software Developer

Eric Downs

Musician/Entrepeneur

Kenan Eyvazov

DevOps Engineer

Anthony Walker

@_webarchitect_

Emma Bostian 🐞

@EmmaBostian

Hands-on Learning Powered by AI

See how Educative uses AI to make your learning more immersive than ever before.

Instant Code Feedback

Evaluate and debug your code with the click of a button. Get real-time feedback on test cases, including time and space complexity of your solutions.

AI-Powered Mock Interviews

Put your skills to the test in a simulated interview setting. Receive personalized feedback based on your performance. Available in Premium & Premium Plus plans.

Adaptive Learning

At various checkpoints throughout Educative courses, you will be prompted to take a quick assessment. Receive a condensed curriculum tailored to your strengths and skill gaps.

Explain with AI

Select any text within any Educative course, and get an instant explanation — without ever leaving your browser.

AI Code Mentor

AI Code Mentor helps you quickly identify errors in your code, learn from your mistakes, and nudge you in the right direction — just like a 1:1 tutor!