The focus is on highlighting how attackers compromise applications, paired with a broad arsenal of defenses. This will enable you to pick appropriate techniques to close vulnerabilities while still providing users with the functionality they need.
Topics covered include:
- A framework for deciding what needs to be protected and how strongly
- Configuring services such as databases and web servers
- Safe use of HTTP methods such as GET and POST, cookies, and HTTPS
- Safe REST APIs
- Server-side attacks and defenses such as injection and cross-site scripting
- Client-side attacks and defenses such as cross-site request forgery
- Security techniques such as CORS, CSP
- Password management, authentication and authorization, including OAuth2
- Best practices for dangerous operations such as password change and reset
- Use of third-party components and supply chain security (Git, CI/CD, etc.)
What You'll Learn
- Review the defenses that can be used to prevent attacks
- Model risks to better understand what to defend and how
- Choose appropriate techniques to defend against attacks
- Implement defenses in Python/Django applications
Who This Book Is For
- Developers who already know how to build web applications but need to know more about security
- Non-professional software engineers, such as scientists, who must develop web tools and want to make their algorithms available to a wider audience
- Engineers and managers who are responsible for their product/company technical security policy