Course

Skills

What Every Developer Must Know About HTTPS

by Troy Hunt

HTTPS is an essential component of any software running on the web. This course teaches developers how to get their apps talking securely over the web, while avoiding the common pitfalls so many sites fall victim to.

Preview this course

Try for free

Get this course plus top-rated picks in tech skills and other popular topics.

$29.00

per month after 10 day trial

Your 10 day Standard free trial includes

Expert-led courses

Keep up with the pace of change with thousands of expert-led, in-depth courses.

For teams

Give up to 50 users access to our full library including this course free for 30 days

Course info

Rating

(381)

Level

Beginner

Updated

Jan 13, 2023

Duration

3h 24m

What you'll learn

Securing the transport layer of any application talking over the web is becoming an absolutely essential attribute of modern software. However, HTTPS is frequently not implemented due to perceived (rather than actual) barriers and when it is, it's often done poorly. Not only that, but many modern browser features that can help streamline secure communications (and actually make it more efficient and resilient) are rarely used. In this course, What Every Developer Must Know About HTTPS, you will learn all about why you need HTTPS. First, you'll learn the many positive things that HTTPS does. Next, you'll learn about what many people perceive as barriers to HTTP adoption. Finally, you'll spend some time exploring some topics that go outside of the the basics of HTTPS. By the end of this course, you'll have a fundamental knowledge to both implement HTTPS properly from the outset and retrofit it to existing applications.

Course Overview

1min

Course Overview 2m

The HTTPS Value Proposition

37mins

HTTPS Fundamentals

28mins

Overview 2m
Certificate Authorities 7m
SSL and TLS 4m
The TLS Handshake 2m
Issuing Certs for Development 3m
Intercepting HTTPS Traffic During Debugging 6m
Using badssl.com 2m
Summary 2m

Securing the Application

44mins

Overview 2m
Redirecting from HTTP to HTTPS 7m
HTTP Strict Transport Security (HSTS) 5m
Preloading HSTS 7m
Understanding Mixed Content 9m
Using a CSP to Upgrade or Block Insecure Requests 7m
Secure Cookies 4m
Summary 3m

Overcoming (Perceived) Barriers to HTTPS

48mins

Overview 2m
The Impact of HTTPS on Server Performance 5m
Making HTTPS Go Fast on Clients 7m
HTTPS Adoption of Downstream Services 6m
Cost and Complexity 4m
Using Let’s Encrypt for Free 10m
Using Cloudflare for Free 11m
Summary 3m

Beyond the Basics

43mins

Overview 2m
TLS and HTTPS Acronyms 5m
Public Key Pinning 6m
SSL Labs 7m
Extended Validation Certificates 6m
Other Reasons to Adopt HTTPS 5m
HTTPS Blind Spots 5m
The Tide Is Rapidly Turning 3m
Summary 3m

About the author

Troy Hunt

Troy Hunt is a Microsoft Regional Director and MVP for Developer Security, an ASPInsider, and a full time Author for Pluralsight—a leader in online training for technology and creative professionals. Troy has been building software for browsers since the very early days of the web and possesses an exceptional ability to distill complex subjects into relatable explanations. This has led Troy to become an industry thought leader in the security space and produce more than twenty top-rated courses ... more

See more courses by Troy Hunt

Try for free

Get this course plus top-rated picks in tech skills and other popular topics.

$29.00

per month after 10 day trial

Your 10 day Standard free trial includes

Expert-led courses

Keep up with the pace of change with thousands of expert-led, in-depth courses.

For teams

Give up to 50 users access to our full library including this course free for 30 days

Course info

Rating

(381)

Level

Beginner

Updated

Jan 13, 2023

Duration

3h 24m

Ready to upskill? Get started

Contact Sales

What Every Developer Must Know About HTTPS

What you'll learn

Table of contents

About the author

Ready to skill up
your entire team?

With your Pluralsight plan, you can:

With your 30-day pilot, you can:

Ready to skill up
your entire team?

With your Pluralsight plan, you can:

With your 30-day pilot, you can:

Support

Community

Company

Industries

Newsletter

Contact Sales

What Every Developer Must Know About HTTPS

What you'll learn

Table of contents

About the author

Get access now

Ready to skill upyour entire team?

With your Pluralsight plan, you can:

With your 30-day pilot, you can:

Ready to skill upyour entire team?

With your Pluralsight plan, you can:

With your 30-day pilot, you can:

Support

Community

Company

Industries

Newsletter

Ready to skill up
your entire team?

Ready to skill up
your entire team?