Web Application Security for Absolute Beginners (no coding!)

Soerin Bipat, Teacher, PhD candidate & IT consultant

Play Speed
  • 0.5x
  • 1x (Normal)
  • 1.25x
  • 1.5x
  • 2x
16 Videos (57m)
    • Promo Web Application Security for Absolute Beginners

      1:22
    • Injection

      3:31
    • Broken Authentication and Session Management

      4:11
    • Cross site scripting

      3:00
    • Broken access control

      3:22
    • Security misconfiguraton

      4:59
    • Sensitive data exposure

      5:00
    • Insufficient attack protection

      2:19
    • Cross site request forgery

      4:14
    • Using components with known vulnerabilities

      5:30
    • Underprotected APIs

      4:28
    • Bonus + defense in depth

      4:30
    • Bonus STRIDE

      3:02
    • Bonus Software development process

      5:09
    • FAQ SSL LABS

      1:14
    • FAQ Test hacking skills

      1:12

About This Class

This course will teach you the 10 most common threats identified by the Open Web Application Security Project (OWASP). At the end of the course you will understand: 
 
1) what the top 10 threats and are, 
2) the impact per threat for your business 
3) how these threats can be executed by attackers 
4) how these threats can be mitigated 

You will able to understand the above-mentioned points without having to understand code...

How is that possible? 
The threats are explained conceptually, since the implementation of a threat may differ per situation. Therefore, having a general understanding of the threats, its implications and potential solutions will provide you with the essential knowledge to mitigate the impact of these threats. 

So, after following this course am I able to develop code-based solutions for the top 10 threats? 
No. This course will teach you the basic concepts behind the 10 most common threats so that you can critically question and discuss these security issues with software/operational engineerings.

Uhm, after following this course I'm a full-fledged security expert, right?
Depends on the knowledge of the person that is judging your expertise. Most likely this won't be the case.  

What!?! Why should I enroll? 
Only enroll when you are new to secure coding, secure web development and want a complete beginners’ perspective on web application security. This course is specifically developed for:

- (Project) managers that lead software projects, but have no clue how software engineers could mitigate potential security issues 
- Recruiters hiring software engineers
- Software engineers that want to refresh their knowledge on web application security
- Anyone interested in the basics of web application security, explained in layman’s terms

Ok, but there is already a lot of information on OWASP available on the web. So, what’s in it for me? 
I thought you would never ask! This course differentiate itself from existing available information because: 
- Existing OWASP documentation is technical and therefore difficult to comprehend (I'll include some examples of technical documents as a resources that you may download).
- I'll update this course with new videos on request or as significant security issues surface that have important implications for managers. Thus, over time this course may become your one-stop security education! 
- I've included lots of documents that explain detailed mitigation strategies. Please note that these documents contain code and are therefore more suited for people that are implementing or testing security fixes.  
- I've included lots of links to websites that provide comprehensive background information. 
- That's not it, there is more...   

BONUS Material: 
- Defense in depth
- Basic explanation of STRIDE (spoofing, tampering, repudiation, information disclosure, denial of service, elevation of privilege).
- Overview of a secure software development process
- Frequently asked questions. Ask a security question and I'll answer it with a video.

Why include bonus material, is the main course not exciting enough? 
Again, excellent question! Getting security right goes well beyond web application security. With the bonus material, I would like to inform you about the complementary measures that should be taken into account.

I’m fully convinced of the benefits, but I don’t see why I should learn all this from you. 
True, let me explain by giving you an overview of my experience: 
- Parttime PhD Candidate (4 years - present). I read the science, you'll get the knowledge! 
- Software quality consultant (5 years - present). I've advised many managers of large / small IT projects on various software related aspects 
- IT auditor (1 year). I have closely worked with accountants and audited large governmental IT projects  
- Quality assurance engineer (3 years). I have implemented large IT systems for large companies. 

You can find more details on LinkedIn on or my profile.

Go ahead and click the enroll button, and I'll see you in lesson 1!

Cheers, 
Soerin

2

Students

--

Projects

0

Reviews (0)

Soerin Bipat

Teacher, PhD candidate & IT consultant

Teacher, PhD candidate, IT consultant and Entrepreneur

See full profile