In this lesson we will explore what web application security is and why we need it.

What is web application security?

Web application security deals with securing websites, mobile apps, and web APIs. Hackers subject web applications to different kinds of attacks, with the objective of stealing data or defacing a website.

Types of attacks differ based on the mode of attack and the attacker’s objective. Common web attacks include SQL Injection, Cross-site scripting attack, Cross-site Request forgery, and Denial-of-Service attack. We will discuss some of them in the upcoming lessons.

Why do we need to secure web applications?

As many things are moving online, attackers have easier access to information shared on the internet. Millions of financial transactions take place over the Internet every day, and large amounts of private data is shared. If a web application is not secured, then it can cause a considerable loss to its users. To safeguard the interest of its users, the owners of any given website must take the necessary steps to prevent attacks. It is the responsibility of the website owners to put a proper system in place so only the intended users can view its data and perform actions on the website.


There are no prerequisites for this course. This course assumes that you are completely new to web application security and introduces all the topics from scratch.

What you will learn from this course

By the end of this course, you will be familiar with the different authentication and authorization frameworks like OAuth and OpenId Connect. You will also get to know different authentication mechanisms, like session-based and token-based authentication. Finally, you will gain a good understanding of what JSON Web Tokens are and how they work.

We will start this course by discussing some of the most common attacks on web applications. In the next lesson, we will discuss the Cross-site Scripting Attack.