Play by Play: Website Security Review with Troy Hunt and Lars Klint
Learn to assess the security profile of your own web applications and identify security risks before attackers do.
What you'll learn
Frequently, the first thing a developer knows of a serious security flaw in their application is when it’s too late and it’s already been exploited. There’s a broad range of security risks, and corresponding mitigations, within web applications, and it’s absolutely essential that developers learn how to identify these themselves. This course walks through a typical security review of an established web application and identifies which practices have been done well and which could be improved. It’s a technology-agnostic course – it doesn’t matter whether you work in ASP.NET, Node, or PHP; this is all about the web and applies equally to all apps that run in the browser.
Table of contents
- Introduction 1m
- About the App - "Falling Into the Pit of Success" 2m
- Account Management 3m
- Security in a Box... Not 3m
- HTTP: Start There and Stay There 1m
- Grading Your HTTPS Configuration 2m
- HTTP Strict Transport Security 4m
- Preventing Account Enumeration 7m
- Brute Force Attacks, Throttling, and Account Lockout 7m
- Third-party Identity Providers 1m
- Password Strength 2m
- Password Validation 5m
- Anti-automation (AKA Captcha) 5m
- Multiple Simultaneous Logins 5m
- Summary 1m
- The OWASP Top 10 5m
- Injection 5m
- Broken Authentication and Session Management 12m
- Cross-Site Scripting (XSS) 12m
- Insecure Direct Object References 5m
- Overlay Information Response Headers 4m
- X-Frame-Options 3m
- Cross-Site Request Forgery (CSRF) 4m
- Automated Security Scanning 4m
- Final Thoughts/Conclusion 1m