✅ |
Introduction |
|
|
✅ |
✅ |
|
✅ |
|
What is this course |
|
✅ |
✅ |
|
✅ |
|
How to use it |
|
✅ |
✅ |
|
✅ |
Basics of security |
|
|
✅ |
✅ |
|
✅ |
|
HTTPS > HTTP |
|
✅ |
✅ |
|
✅ |
|
Don't put sensitive data in source control |
|
✅ |
✅ |
|
✅ |
|
Authentication |
|
✅ |
✅ |
|
✅ |
|
Authorization |
|
✅ |
✅ |
|
✅ |
|
Distrustful decomposition |
Move to chapter "Best practices" |
|
|
|
✅ |
|
Input validation |
|
|
|
|
✅ |
|
Multi-level security |
Move to chapter "Security design patterns" |
|
|
|
✅ |
|
Role-based access control |
Move to chapter "Security design patterns" |
|
|
|
✅ |
|
Secure builder factory |
Move to chapter "Security design patterns" |
|
|
|
✅ |
|
Secure chain of responsibilities |
Move to chapter "Security design patterns" |
|
|
|
✅ |
|
Secure factory |
Move to chapter "Security design patterns" |
|
|
|
✅ |
|
Secure logger |
Move to chapter "Security design patterns" |
|
|
|
✅ |
|
tips for devs |
|
✅ |
✅ |
|
✅ |
Open redirects |
|
|
|
✅ |
✅ |
✅ |
|
Build it |
|
|
✅ |
|
✅ |
|
Hack it |
|
|
✅ |
|
✅ |
|
Secure it |
|
|
✅ |
|
✅ |
CSRF |
|
|
|
✅ |
✅ |
✅ |
|
Build it |
|
|
✅ |
|
✅ |
|
Hack it |
|
|
✅ |
|
✅ |
|
Secure it |
|
|
✅ |
|
✅ |
LFI |
|
|
|
✅ |
✅ |
✅ |
|
Build it |
|
|
✅ |
|
✅ |
|
Hack it |
|
|
✅ |
|
✅ |
|
Secure it |
|
|
✅ |
|
✅ |
RFI |
|
|
|
✅ |
✅ |
✅ |
|
Build it |
|
|
✅ |
|
✅ |
|
Hack it |
|
|
✅ |
|
✅ |
|
Serve it |
|
|
✅ |
|
✅ |
XXE |
|
|
|
✅ |
✅ |
✅ |
|
Build it |
|
|
✅ |
|
✅ |
|
Hack it |
|
|
✅ |
|
✅ |
|
Secure it |
|
|
✅ |
|
✅ |
XSS |
|
|
|
✅ |
|
✅ |
|
Build HTMLi |
|
|
✅ |
|
✅ |
|
Hack it |
|
|
✅ |
|
✅ |
|
Basic blacklist filter |
|
|
✅ |
|
✅ |
|
Build HTML tag attribute injection |
|
|
✅ |
|
✅ |
|
Hack it |
|
|
✅ |
|
✅ |
|
Secure it with htmlentities() |
|
|
✅ |
|
✅ |
|
Build email validation |
|
|
✅ |
|
✅ |
|
Hack it w |
|
|
✅ |
|
✅ |
|
Secure it |
|
|
✅ |
|
✅ |
JWT |
|
|
|
✅ |
✅ |
✅ |
|
Build it |
|
|
✅ |
|
✅ |
|
Hack it |
|
|
✅ |
|
✅ |
|
Secure it |
|
|
✅ |
|
|
API top 10 |
|
|
|
|
|
|
|
OWASP top 10 explained |
|
|
|
|
|
|
Build it |
|
|
|
|
|
|
Hack it |
|
|
|
|
|
|
Secure it |
|
|
|
|
|
Security misconfigs |
|
|
|
|
|
|
|
What are they |
|
|
|
|
|
|
What to look for |
|
|
|
|
|
Cloud/native hybrid infra security |
|
|
|
|
|
|
DAST vs SAST |