This repository provides a summary of the Web Security Fundamentals MOOC by Philippe De Ryck.
As of 2017-2018, this MOOC is a mandatory part of the Development of Secure Software course at KULeuven. I initially started this document to centralise all information and to be able to quickly review the material before the exam. It is a compilation of (rewritten) transcripts of the video lectures and some extra information. Due to multiple demands, I created a github repository to easily share this with fellow students.
You can generate a PDF document by running pdflatex on main.tex.
Note: This is only a summary of a very high quality, detailed course on web security. It is not intended to be used as a replacement for the MOOC. I urge you to follow the lectures and practice using the provided tests. This document can be used to quickly revise the material once more before the exam, without the need to re-watch lectures (and potentially lose time).
Progress so far:
-
Is security an illusion?
- Getting started with edX
- Introduction
- The web security landscape
- The security model of the web
- The lab environment
- Putting things into context
-
Securing the communication channel
- Introduction
- Underpinnings of HTTPS
- Deploying HTTPS
- HTTPS in your application
- Advanced topics
- Putting things into context
-
Preventing unauthorized access
- Introduction
- Secure authentication
- Challenges to session management
- Getting authorization right
- Putting things into context
-
Securely handling untrusted data
- Introduction
- Server-side injection attacks
- Client-side injection attacks
- Advanced client-side attacks and defenses
- Putting things into context
-
Conclusion
- Overview of this course
- Overview of best practices
- Final exam
- Towards secure web applications