new.tar.gz

node

cookies

hsts

hsts-https

cookies-https

clickjacking

cors

There are more vulnerabilities than ever when creating applications for the web, so it is extremely important that software developers enforce security best practices such as, how to add protection through HTTP headers.

In this course, you will start off by learning how to prevent fraudulent SSL certificates from being served to clients, before moving on to how to defend against XSS attacks and clickjacking. 

In the latter half of the course, you’ll learn security practices related to HTTP cookies, and tips around security tradeoffs that you’ll make in your day-to-day work. Towards the end, you’ll learn how to ward off DDoS attacks, which is crucial when your application scales.

This course will demystify web security, and help you stay on top of important security-related concerns in your web apps.

Web Application Security for the Everyday Software Engineer

## What is a DDoS attack?
A DDoS attack is a special type of offense that a malicious user throws against you. It generates an incredible amount of traffic towards your servers so that they can no longer accept genuine traffic, rendering your service unavailable.

## What is a DoS attack?
The simplest form of a DDoS attack is a DoS, otherwise known as, you guessed it, Denial of Service. This attack is, fundamentally, a DDoS without being distributed, meaning that the source of the attack is fixed, a machine that repeatedly sends traffic to a network, attempting to bring it down. 

Blocking a DoS attack is usually a simple task, as one could simply create a firewall rule banning the IP address that generates the disproportionate amount of traffic. DoS attacks are generally easier to mitigate, therefore we’ll simply refer to DDoS throughout this chapter, as we believe they are a much bigger threat to our web applications than DoS. A large portion of the mechanics behind them are exactly the same, with the only difference being the originator(s) of the attack. A DoS is a machine attempting to bring down a server through network requests, a DDoS is multiple machines performing a DoS.



# What is a DDoS attack?
A DDoS attack is a special type of offense that a malicious user throws against you. It generates an incredible amount of traffic towards your servers so that they can no longer accept genuine traffic, rendering your service unavailable.

# What is a DoS attack?
The simplest form of a DDoS attack is a DoS, otherwise known as, you guessed it, Denial of Service. This attack is, fundamentally, a DDoS without being distributed, meaning that the source of the attack is fixed, a machine that repeatedly sends traffic to a network, attempting to bring it down. 

Blocking a DoS attack is usually a simple task, as one could simply create a firewall rule banning the IP address that generates the disproportionate amount of traffic. DoS attacks are generally easier to mitigate, therefore we’ll simply refer to DDoS throughout this chapter, as we believe they are a much bigger threat to our web applications than DoS. A large portion of the mechanics behind them are exactly the same, with the only difference being the originator(s) of the attack. A DoS is a machine attempting to bring down a server through network requests, a DDoS is multiple machines performing a DoS.



In this lesson, we'll study distributed denial of service attacks.

Introduction

Understanding The Browser

HTTP

Protection through HTTP Headers

HTTP Cookies

Situationals

DDoS Attacks

Bug Bounty Programs

Conclusion

Anatomy of a DDoS

What is a DDoS attack?

What is a DoS attack?