Home>
Courses>
Web Application Security Everyday Software Engineer

Web Application Security for the Everyday Software Engineer

Gain insights into enforcing web app security best practices, such as HTTPS, defending against XSS and clickjacking, managing HTTP cookies, and warding off DDoS attacks.

Intermediate

72 Lessons

4h

Certificate of Completion

Gain insights into enforcing web app security best practices, such as HTTPS, defending against XSS and clickjacking, managing HTTP cookies, and warding off DDoS attacks.

AI-POWERED

Explanations

AI-POWERED

Explanations

This course includes

12 Playgrounds
7 Quizzes

This course includes

12 Playgrounds
7 Quizzes
Course Overview
Course Content

Course Overview

There are more vulnerabilities than ever when creating applications for the web, so it is extremely important that software developers enforce security best practices such as, how to add protection through HTTP headers. In this course, you will start off by learning how to prevent fraudulent SSL certificates from being served to clients, before moving on to how to defend against XSS attacks and clickjacking. In the latter half of the course, you’ll learn security practices related to HTTP cookies, and ti...Show More

Course Content

1.

Introduction

Get familiar with essential web app security practices, audience focus, formatting, and future content.
Introduction to the Course
Who This Course Is For?FormattingErrata and Additional Content
2.

Understanding The Browser

Look at browser mechanics to understand functionality, security, and development tools.
Browser BasicsWhat Does a Browser Do?Vendors
A Browser for DevelopersQuiz Yourself on Browsers
3.

HTTP

Break apart HTTP's mechanisms, security enhancements, and essential distinctions for secure communication.
Introduction to HTTPHow HTTP WorksMechanics: HTTP vs HTTPS vs H2Mechanics: EncryptionHTTPS EverywhereGET vs POSTQuiz Yourself on HTTP
4.

Protection through HTTP Headers

Find out about enhancing web security through various HTTP headers and their practical applications.
HTTP Strict Transport SecurityHTTP Public Key PinningExpect-CT
X-Frame-OptionsContent-Security-PolicyX-XSS-ProtectionFeature-PolicyX-Content-Type-OptionsCross Origin Resource SharingX-Permitted-Cross-Domain-Policies & Referrer-PolicyThe reporting APIQuiz Yourself on HTTP Headers
5.

HTTP Cookies

Map out the steps for understanding, implementing, and securing HTTP cookies in web development.
Introduction HTTP CookiesWhat's Behind a Cookie?Session and Persistent CookiesHost-onlySupercookiesEncrypt it Or Forget itJavaScript Can't Touch ThisSameSite: The CSRF KillerAlternativesConclusion: What Would LeBron Do?Quiz Yourself on HTTP Cookies
6.

Situationals

16 Lessons

Focus on making security-focused decisions in software engineering to enhance web app protection.
7.

DDoS Attacks

7 Lessons

Build on understanding DDoS attacks, their mechanics, real-world examples, and mitigation strategies.
8.

Bug Bounty Programs

7 Lessons

Learn how to use bug bounty programs to enhance software security through ethical collaboration.
9.

Conclusion

3 Lessons

Get started with viewing security as an ongoing journey, future-proofing updates, and community appreciation.

Course Author

Practice and apply your skills

Trusted by 1.4 million developers working at companies

Anthony Walker

@_webarchitect_

Emma Bostian 🐞

@EmmaBostian

Evan Dunbar

ML Engineer

Carlos Matias La Borde

Software Developer

Souvik Kundu

Front-end Developer

Vinay Krishnaiah

Software Developer

Eric Downs

Musician/Entrepeneur

Kenan Eyvazov

DevOps Engineer

Anthony Walker

@_webarchitect_

Emma Bostian 🐞

@EmmaBostian

Hands-on Learning Powered by AI

See how Educative uses AI to make your learning more immersive than ever before.

Instant Code Feedback

Evaluate and debug your code with the click of a button. Get real-time feedback on test cases, including time and space complexity of your solutions.

AI-Powered Mock Interviews

Adaptive Learning

Explain with AI

AI Code Mentor