Web security: Attacks and Prevention

Do you want to know about the dangers that threaten you in web development?
Or are you a security specialist who craves new knowledge?
Great, this course has been developed especially for you!


Why do I need to take this course?

  • Keep up with current web attacks
  • Stop repeating the same security mistakes when designing and developing applications
  • Improve your professional expertise

Who should take this course?

  • Developers and architects who design and build secure applications
  • Information security experts who want to improve their skills
  • Penetration testers who want to understand the causes of attacks and discover more vulnerabilities

2GIS

After completing the course, I began to pay attention to code that I had previously ignored. Thanks to the content, I found serious errors during the quality control process.

/ Andrey Usov, QA Engineer, 2GIS

Alawar

An excellent course - clear text, each sentence is verified. I especially like the quizzes; the questions make you puzzle over them.

/ Max, Software Developer / Alawar

Pushwoosh

You can find a lot of wrong information on the Internet about security, the use of which creates an illusion of protection. It's a pleasure that so much quality material has been collected on one site.

/ Igor, Software Engineer / Pushwoosh, Inc


Syllabus


Cross-Site Request Forgery (CSRF) is an attack that lets an attacker make requests to other sites on behalf of a victim user. If the victim visits a site containing malicious code, that code sends a request to another service (for example, a social network) carrying the victim's credentials, usually the session cookie, which the browser attaches automatically; the service then performs a destructive action (such as deleting the user's account) as if the user had asked for it.


Cross-Site WebSocket Hijacking is an attack that lets an attacker communicate over WebSocket with a vulnerable server on behalf of a victim, provided that the user's session is identified by a cookie. The WebSocket handshake is an ordinary HTTP request to which the browser attaches cookies from any page, and the Same-origin policy does not restrict WebSocket connections, so a server that does not check the Origin header will accept a connection opened by the attacker's page.


Clickjacking, or "hijacking a click", is an attack in which an attacker loads a vulnerable website in an invisible frame on top of a decoy page, so that the victim's clicks land on the vulnerable site and are performed as the victim.
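To audit framing defences, it helps to evaluate a page's headers the way a browser does. This added example, not code from the course, applies `X-Frame-Options` and the CSP `frame-ancestors` directive (which takes precedence when both are present) to a candidate embedding origin. The origins `https://bank.example` and `https://evil.example` are constructed; the CSP matcher is simplified to origin-level sources ('none', 'self', scheme, host with optional `*.` prefix and port), which is what frame-ancestors operates on.

```javascript
// Added example (not from the course): evaluating a page's framing policy as a browser does,
// to audit clickjacking defences. Origins and header sets below are constructed.

// Extract the frame-ancestors source list from a Content-Security-Policy header, or null.
function frameAncestorsOf(csp) {
  if (!csp) return null;
  for (const directive of csp.split(';')) {
    const tokens = directive.trim().split(/\s+/).filter(Boolean);
    if (tokens.length && tokens[0].toLowerCase() === 'frame-ancestors') return tokens.slice(1);
  }
  return null;
}

const DEFAULT_PORT = { 'http:': '80', 'https:': '443' };

// Match one CSP source expression against the embedding page's origin.
// Simplified: 'none', 'self', '*', scheme sources (https:) and host sources with an optional
// *. prefix and port. frame-ancestors matches origins, so paths are not considered.
function sourceMatches(source, pageOrigin, embedderOrigin) {
  const src = source.toLowerCase();
  if (src === "'none'") return false;
  if (src === "'self'") return embedderOrigin === pageOrigin;
  if (src === '*') return true;
  const emb = new URL(embedderOrigin);
  if (/^[a-z][a-z0-9+.-]*:$/.test(src)) return emb.protocol === src;
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([^:/*]+)(?::(\d+|\*))?$/.exec(src);
  if (!m) return false;
  const [, scheme, wildcard, host, port] = m;
  if (scheme && emb.protocol !== `${scheme}:`) return false;
  const hostOk = wildcard ? emb.hostname.endsWith(`.${host}`) : emb.hostname === host;
  if (!hostOk) return false;
  if (port && port !== '*' && (emb.port || DEFAULT_PORT[emb.protocol]) !== port) return false;
  return true;
}

// true if a page served with these headers may be framed by embedderOrigin.
// CSP frame-ancestors, when present, takes precedence over X-Frame-Options.
function isFramingAllowed(responseHeaders, pageOrigin, embedderOrigin) {
  const h = {};
  for (const [k, v] of Object.entries(responseHeaders)) h[k.toLowerCase()] = v;
  const ancestors = frameAncestorsOf(h['content-security-policy']);
  if (ancestors) return ancestors.some(s => sourceMatches(s, pageOrigin, embedderOrigin));
  const xfo = (h['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY') return false;
  if (xfo === 'SAMEORIGIN') return embedderOrigin === pageOrigin;
  return true; // no policy at all, or the obsolete ALLOW-FROM, which current browsers ignore
}

// Headers to send on pages that must never be framed: both, for old and new browsers.
function noFramingHeaders() {
  return { 'X-Frame-Options': 'DENY', 'Content-Security-Policy': "frame-ancestors 'none'" };
}

const BANK = 'https://bank.example';
const EVIL = 'https://evil.example';
const PARTNER_APP = 'https://app.partner.example';
```

Two results worth noting from the evaluation: a page with no header at all is frameable by anyone, and `X-Frame-Options: ALLOW-FROM` gives no protection because current browsers ignore the header entirely rather than treating it as DENY; use `frame-ancestors` for any allow-list.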


Referer leakage is the leak of confidential data, typically tokens or identifiers in a page's URL, to third-party resources through the HTTP Referer header that the browser sends when the page loads or links to them.
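What the browser actually puts in the header depends on the Referrer-Policy in force. The following added example, written for this page and not taken from the course, computes the Referer value for a navigation or subresource request under each policy value from the Referrer Policy specification, and lists which policies would leak a secret from the query string to a given third party. The URLs, the reset token and the tracker host are constructed.

```javascript
// Added example (not from the course): which Referer value a browser sends for a request from
// one page to another, under each Referrer-Policy value, following the Referrer Policy spec.
// The URLs are constructed; the token in the query string stands for any secret in a URL.

// The referrer is the page URL with credentials and fragment removed, or just its origin.
function referrerValue(fromUrl, originOnly) {
  const u = new URL(fromUrl);
  if (originOnly) return `${u.origin}/`;
  u.username = '';
  u.password = '';
  u.hash = '';
  return u.href;
}

// Returns the Referer header value, or null when the browser omits the header.
function refererFor(fromUrl, toUrl, policy = 'strict-origin-when-cross-origin') {
  const from = new URL(fromUrl);
  const to = new URL(toUrl);
  if (!['http:', 'https:'].includes(from.protocol)) return null; // file:, data:, about: send nothing
  const sameOrigin = from.origin === to.origin;
  const downgrade = from.protocol === 'https:' && to.protocol !== 'https:';
  switch (policy) {
    case 'no-referrer': return null;
    case 'unsafe-url': return referrerValue(fromUrl, false);
    case 'no-referrer-when-downgrade': return downgrade ? null : referrerValue(fromUrl, false);
    case 'same-origin': return sameOrigin ? referrerValue(fromUrl, false) : null;
    case 'origin': return referrerValue(fromUrl, true);
    case 'strict-origin': return downgrade ? null : referrerValue(fromUrl, true);
    case 'origin-when-cross-origin': return referrerValue(fromUrl, !sameOrigin);
    case 'strict-origin-when-cross-origin':
      if (sameOrigin) return referrerValue(fromUrl, false);
      return downgrade ? null : referrerValue(fromUrl, true);
    default: throw new Error(`unknown referrer policy: ${policy}`);
  }
}

const ALL_POLICIES = [
  'no-referrer', 'no-referrer-when-downgrade', 'same-origin', 'origin', 'strict-origin',
  'origin-when-cross-origin', 'strict-origin-when-cross-origin', 'unsafe-url',
];

// Which policies would expose the query string of fromUrl to the host serving toUrl.
function leakingPolicies(fromUrl, toUrl) {
  const secretPart = new URL(fromUrl).search;
  return ALL_POLICIES.filter(p => {
    const r = refererFor(fromUrl, toUrl, p);
    return r !== null && secretPart !== '' && r.includes(secretPart);
  });
}

// Constructed scenario: a password-reset page whose URL carries the token, embedding a
// third-party tracking pixel and an image on a plain-http CDN.
const RESET_PAGE = 'https://app.example/reset?token=8f1c0d9e';
const TRACKER = 'https://cdn.tracker.example/pixel.gif';
const INSECURE_CDN = 'http://static.example/logo.png';
```

The practical conclusions match the evaluation: set a `Referrer-Policy` header (the modern default `strict-origin-when-cross-origin` already sends only the origin to third parties), and, independently of the policy, keep secrets out of URLs, because the same URL also lands in browser history, proxy logs and bookmarks.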


Password attacks are the various methods aimed at obtaining user passwords or bypassing password verification. This group includes brute force, theft and interception of passwords.


SQL injection is a type of code injection attack against applications that work with databases, in which attacker-controlled input is incorporated into a query in a way that lets it be parsed as SQL code rather than as data.
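The same lookup built three ways, as an added example that is not code from the course: string concatenation, literal escaping, and parameterized queries. A small string-literal tokenizer shows where the database parser sees literal boundaries in each case, which is the whole difference between data and code. The `users`/`orders` tables and the `{text, values}` shape (the form node-postgres' `query(text, values)` accepts) are assumptions; the payloads are constructed.

```javascript
// Added example (not from the course): the same lookup built three ways. The table names,
// the payloads and the node-postgres-style {text, values} shape are assumptions.

// 1. Vulnerable: the input becomes part of the SQL text, so a quote in it ends the literal.
function findUserVulnerable(username) {
  return `SELECT id, email FROM users WHERE username = '${username}'`;
}

// 2. Escaping: doubling single quotes keeps the input inside the literal (standard SQL).
//    Works only for quoted string contexts, and has to be remembered at every call site.
function quoteLiteral(value) {
  return `'${String(value).replace(/'/g, "''")}'`;
}
function findUserEscaped(username) {
  return `SELECT id, email FROM users WHERE username = ${quoteLiteral(username)}`;
}
// Numeric context: there is no quote to escape, so quoteLiteral-style escaping cannot help.
function findOrderVulnerable(orderId) {
  return `SELECT * FROM orders WHERE id = ${orderId}`;
}

// 3. Parameterized: the SQL text is a constant and values travel separately, so the
//    database never parses them as SQL. Type checks still belong in application code.
function findUserParameterized(username) {
  return { text: 'SELECT id, email FROM users WHERE username = $1', values: [username] };
}
function findOrderParameterized(orderId) {
  const id = Number(orderId);
  if (!Number.isSafeInteger(id) || id < 0) throw new TypeError('orderId must be a non-negative integer');
  return { text: 'SELECT * FROM orders WHERE id = $1', values: [id] };
}

// How a SQL parser would see the string literals in a statement (single-quote literals with
// '' as the escaped quote). Lets us see whether the input stayed inside its literal.
function stringLiterals(sql) {
  const out = [];
  let i = 0;
  while (i < sql.length) {
    if (sql[i] !== "'") { i++; continue; }
    let lit = '';
    i++;
    while (i < sql.length) {
      if (sql[i] === "'") {
        if (sql[i + 1] === "'") { lit += "'"; i += 2; continue; }
        break;
      }
      lit += sql[i++];
    }
    i++; // closing quote
    out.push(lit);
  }
  return out;
}

// Constructed payloads of the classic shape.
const STRING_PAYLOAD = "' OR '1'='1";
const NUMERIC_PAYLOAD = '7 OR 1=1';
```

With the string payload the vulnerable query contains three literals (`''`, `'1'`, `'1'`) and an `OR` that the parser now treats as SQL, the escaped query contains exactly one literal holding the whole payload, and the parameterized query never exposes the payload to the parser at all. The numeric variant is why escaping is the wrong general answer: the payload carries no quote to escape.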


Cross-Site Scripting (XSS) is a kind of code injection attack in which an attacker injects arbitrary JavaScript into a page of the attacked web site; the code runs in the visitor's browser when the page is opened. Because the injected code executes in the origin of the attacked site, it effectively bypasses the Same-origin policy and can act with the visitor's session.


Content Spoofing is an attack in which an attacker alters the content of the page displayed to the user, for example by injecting text or markup that is rendered but not executed, without using an XSS attack.


Cross-Site Script Inclusion (XSSI) is an attack that exploits the Same-origin policy's exception for script inclusion: a page on any origin may load a script from another origin with `<script src>`, with the victim's cookies attached, so confidential data served in an executable form can be read by the attacker's page.


Time Of Check – Time Of Use (TOCTOU) is a broad class of race conditions. Between the check of a resource and its use there is always a time window during which access to the resource may be lost, or the resource or its state may change, so the decision made at check time no longer holds at use time.


A timing attack is a kind of side-channel attack in which an attacker learns confidential information about a system by supplying various inputs and measuring how long the corresponding operations take.


Server Side Request Forgery (SSRF) is an attack that makes a vulnerable server (web site) send requests on the attacker's behalf to the internal network (intranet), which cannot be reached directly from outside the attacked infrastructure.


HTTP Response Splitting is an attack in which attacker-controlled data containing carriage-return and line-feed characters is placed into an HTTP response header, letting the attacker add arbitrary headers or even an entire second response that the client treats as genuine.
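The injected bytes are easiest to see in a raw response, so this added example, written for this page and not taken from the course, builds one by hand, parses it back the way a client would, and then shows the hardened builder. The redirect endpoint, the `lang` parameter and the payload are constructed; the point about Node's own `setHeader` validation is stated as a fact about the `http` module.

```javascript
// Added example (not from the course): what a CR/LF in a header value does to the raw response,
// and the hardened version. The redirect endpoint and the payload are constructed.

// Vulnerable: a query parameter is copied into the Location header unchanged. Written as a raw
// response so the injected bytes are visible; any framework or hand-written server that does not
// validate header values produces the same bytes.
function redirectResponseVulnerable(lang) {
  return [
    'HTTP/1.1 302 Found',
    'Content-Type: text/html',
    `Location: /home?lang=${lang}`,
    '', '',
  ].join('\r\n');
}

// How a browser or proxy reads it: headers end at the first empty line, the rest is the body.
function parseRawResponse(raw) {
  const end = raw.indexOf('\r\n\r\n');
  const headLines = raw.slice(0, end).split('\r\n');
  const headers = {};
  for (const line of headLines.slice(1)) {
    const i = line.indexOf(':');
    headers[line.slice(0, i).trim().toLowerCase()] = line.slice(i + 1).trim();
  }
  return { statusLine: headLines[0], headers, body: raw.slice(end + 4) };
}

// Hardened: header values must contain no CR, LF or other control characters. Node's http
// module enforces this itself (res.setHeader throws ERR_INVALID_CHAR), but a raw path like this
// one, or any code writing headers by hand, needs the same check. Encoding the untrusted part
// as a URL component removes the characters before they can reach the header at all.
function assertHeaderValue(value) {
  if (/[\x00-\x1f\x7f]/.test(value)) throw new Error('control character in header value');
  return value;
}
function redirectResponseSafe(lang) {
  const location = assertHeaderValue(`/home?lang=${encodeURIComponent(lang)}`);
  return [
    'HTTP/1.1 302 Found',
    'Content-Type: text/html',
    `Location: ${location}`,
    '', '',
  ].join('\r\n');
}

// Constructed payload: ends the Location header, adds a Set-Cookie header, then an empty line
// and an attacker-controlled body that the client renders (or a cache stores) as the real page.
const PAYLOAD = 'en\r\nSet-Cookie: sid=attacker-chosen\r\n\r\n<html>attacker content</html>';
```

Parsing the vulnerable response shows the two effects at once: a `Set-Cookie` header the server never meant to send (session fixation) and a body that is entirely the attacker's. Where the value has a small legal set, as a language code does, an allow-list is simpler than encoding and should be preferred.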


  • Current web attacks with examples
  • Wrong ways of preventing attacks, and why they fail
  • Protection methods that eliminate the attacks
  • Quizzes to reinforce the material