HomeCoursesWeb Application Security for the Everyday Software Engineer

Intermediate

Updated 3 weeks ago

Web Application Security for the Everyday Software Engineer
Save

Gain insights into enforcing web app security best practices, such as HTTPS, defending against XSS and clickjacking, managing HTTP cookies, and warding off DDoS attacks.

Join 2.7 million developers at

Overview

Content

Reviews

There are more vulnerabilities than ever when creating applications for the web, so it is extremely important that software developers enforce security best practices such as, how to add protection through HTTP headers. In this course, you will start off by learning how to prevent fraudulent SSL certificates from being served to clients, before moving on to how to defend against XSS attacks and clickjacking. In the latter half of the course, you’ll learn security practices related to HTTP cookies, and tips around security tradeoffs that you’ll make in your day-to-day work. Towards the end, you’ll learn how to ward off DDoS attacks, which is crucial when your application scales. This course will demystify web security, and help you stay on top of important security-related concerns in your web apps.

There are more vulnerabilities than ever when creating applications for the web, so it is extremely important that software deve...Show More

Content

72 Lessons7 Quizzes

Introduction

4 Lessons

Get familiar with essential web app security practices, audience focus, formatting, and future content.

Introduction to the Course

Who This Course Is For?

Formatting

Errata and Additional Content

Understanding The Browser

5 Lessons

Look at browser mechanics to understand functionality, security, and development tools.

Browser Basics

What Does a Browser Do?

Vendors

A Browser for Developers

Quiz Yourself on Browsers

HTTP

7 Lessons

Break apart HTTP's mechanisms, security enhancements, and essential distinctions for secure communication.

Introduction to HTTP

How HTTP Works

Mechanics: HTTP vs HTTPS vs H2

Mechanics: Encryption

HTTPS Everywhere

GET vs POST

Quiz Yourself on HTTP

Protection through HTTP Headers

12 Lessons

Find out about enhancing web security through various HTTP headers and their practical applications.

HTTP Strict Transport Security

HTTP Public Key Pinning

Expect-CT

X-Frame-Options

Content-Security-Policy

X-XSS-Protection

Feature-Policy

X-Content-Type-Options

Cross Origin Resource Sharing

X-Permitted-Cross-Domain-Policies & Referrer-Policy

The reporting API

Quiz Yourself on HTTP Headers

HTTP Cookies

11 Lessons

Map out the steps for understanding, implementing, and securing HTTP cookies in web development.

Introduction HTTP Cookies

What's Behind a Cookie?

Session and Persistent Cookies

Host-only

Supercookies

Encrypt it Or Forget it

JavaScript Can't Touch This

SameSite: The CSRF Killer

Alternatives

Conclusion: What Would LeBron Do?

Quiz Yourself on HTTP Cookies

Situationals

16 Lessons

Focus on making security-focused decisions in software engineering to enhance web app protection.

Introduction to Situationals

Denylisting vs. Allowlisting

Logging Secrets

Never Trust The Client

Generating Session IDs

Querying Your Database While Avoiding SQL Injections

Dependencies With Known Vulnerabilities

Have I Been Pwned?

Session Invalidation in a Stateless Architecture

My CDN Was Compromised!

The Slow Death of EV Certificates

Paranoid Mode: On

Low-priority and Delegated Domains

OWASP

Hold The Door

Quiz Yourself on Situationals

DDoS Attacks

7 Lessons

Build on understanding DDoS attacks, their mechanics, real-world examples, and mitigation strategies.

Introduction to DDoS

Anatomy of a DDoS

Why Would Anyone Bomb Me?

Notable DDoS Attacks

Don't Panic: Some Services to The Rescue!

Hackers Welcome

Quiz Yourself on DDoS Attacks

Bug Bounty Programs

7 Lessons

Learn how to use bug bounty programs to enhance software security through ethical collaboration.

Introduction to Bug Bounty Programs

What's in a Program?

Security.txt

HackerOne

Dealing With Researchers

Malicious Reporters

Quiz Yourself on Bug Bounty Programs

Conclusion

3 Lessons

Get started with viewing security as an ongoing journey, future-proofing updates, and community appreciation.

This Is The End

In the Works

A Few Thank Yous

Deploy an API to Production Using Nginx

Project

Certificate of Completion

Showcase your accomplishment by sharing your certificate of completion.

Course Author:

Alex Nadalin

Developed by MAANG Engineers

Every Educative resource is designed by our in-house team of ex-MAANG software engineers and PhD computer science educators — subject matter experts who’ve shipped production code at scale and taught the theory behind it. The goal is to get you hands-on with the skills you need to stay ahead in today's constantly evolving tech landscape. No videos, no fluff — just interactive, project-based learning with personalized feedback that adapts to your goals and experience.

Trusted by 2.7 million developers working at companies

"These are high-quality courses. Trust me. I own around 10 and the price is worth it for the content quality. EducativeInc came at the right time in my career. I'm understanding topics better than with any book or online video tutorial I've done. Truly made for developers. Thanks"

Anthony Walker

@_webarchitect_

"Just finished my first full #ML course: Machine learning for Software Engineers from Educative, Inc. ... Highly recommend!"

Evan Dunbar

ML Engineer

"You guys are the gold standard of crash-courses... Narrow enough that it doesn't need years of study or a full blown book to get the gist, but broad enough that an afternoon of Googling doesn't cut it."

Carlos Matias La Borde

Software Developer

"I spend my days and nights on Educative. It is indispensable. It is such a unique and reader-friendly site"

Souvik Kundu

Front-end Developer

"Your courses are simply awesome, the depth they go into and the breadth of coverage is so good that I don't have to refer to 10 different websites looking for interview topics and content."

Vinay Krishnaiah

Software Developer

"I've tried probably 5-7 different sites and Educative is easily the best. It perfectly blends explanation with interactivity"

Eric Downs

Musician/Entrepeneur

Hands-on Learning Powered by AI

See how Educative uses AI to make your learning more immersive than ever before.

Instant Code Feedback

Evaluate and debug your code with the click of a button. Get real-time feedback on test cases, including time and space complexity of your solutions.

AI Mock Interviews

Test your skills in a simulated interview setting. Receive personalized feedback based on your performance. Available for Coding Interviews, System Design, and more.

Adaptive Learning

At various checkpoints throughout Educative courses, you will be prompted to take a quick assessment. Receive a condensed curriculum tailored to your strengths and skill gaps.

Explain with AI

Select any text within any Educative course, and get an instant explanation — without ever leaving your browser.

AI Code Mentor

AI Code Mentor helps you quickly identify errors in your code, learn from your mistakes, and nudge you in the right direction — just like a 1:1 tutor!

Course

Practical Security: Simple Practices for Defending Your Systems

Gain insights into effective security techniques including patching, cryptography, and phishing prevention. Explore practices to make systems resistant and vulnerabilities more detectable, enhancing defense against attacks.

9 h

intermediate

Course

Password Security: How not to Store Passwords

1 h

intermediate

Course

A Hands-on Guide to Angular

Discover Angular's core concepts and advance to building a complete SPA. Gain hands-on experience by creating modules, components, forms, routing, and APIs in an e-commerce app.

16 h

intermediate

Course

Django: Python Web Development Unleashed

Gain insights into Django, a Python framework for rapid web development. Discover hands-on learning with interactive widgets and build a portfolio-worthy Django project.

12 h

intermediate

Course

Grokking Computer Networking for Software Engineers

Discover networking essentials for software engineers, delving into client-server architectures, Python socket programming, command-line tools, and key network protocols. Gain hands-on experience in distributed processing.

20 h

beginner

Course

Building Full-Stack Web Applications with AdonisJs

Gain insights into AdonisJs fundamentals. Delve into routes, controllers, middleware, and hooks. Discover practical examples, illustrations, and quizzes to confidently build your full-stack applications.

intermediate

Course

Angular: Designing and Architecting Web Applications

Gain insights into designing scalable Angular applications. Learn about components, directives, routing, RXJS, forms, and Firebase authentication to develop rich, interactive web solutions.

20 h

beginner

Course

Machine Learning with NumPy, pandas, scikit-learn, and More

Delve into practical machine learning with NumPy, pandas, scikit-learn, and more. Gain insights into data analysis, feature engineering, and deep learning using industry-standard frameworks. Basic Python required.

15 h

intermediate

Course

Practical Security: Simple Practices for Defending Your Systems

intermediate

9 hour

Course

Password Security: How not to Store Passwords

intermediate

1 hour

Course

A Hands-on Guide to Angular