Web security

Draft
This page is not complete.

This competency demonstrates skills around the topic of web security, which is a subset of information security. The articles in this section will:

  • give you knowledge of the overall area and the terminology used,
  • help you understand the most common security vulnerabilities and how to avoid them through coding best practices, and
  • teach you how to use common security tools to detect and repair vulnerabilities.

Anyone using the internet should understand web security to at least some degree. From end users (who need to be able to spot common exploits such as phishing and understand best practices like strong passwords) to web developers (who need to know which best practices to employ in their work to avoid insecure code that could put their users at risk), web security is an important topic to be familiar with.

Module 1: Understanding web security basics

  • Web security intro
  • Insecure online banking: a case study
  • How web technologies are insecure
  • Evolution of the web
  • JavaScript (client-side) vulnerabilities overview
  • Server-side vulnerabilities (PHP and Node example) overview
  • Cracking, and its impact on users
  • User rights
  • SDLC primer

Module 2: Vulnerabilities in detail

  • How do vulnerabilities manifest in your web application
  • What is their effect
  • Top JavaScript (client-side) vulnerabilities in detail
  • Top Server-side vulnerabilities in detail
  • Detecting vulnerabilities
  • Security case studies

Module 3: Security testing

  • Introducing a security testing environment
  • The tools: OWASP ZAP and Minion
  • The theory behind vulnerability detection (crawlers, spiders, fuzzing, etc.)
  • Using ZAP / Minion to detect vulnerabilities
  • Using ZAP / Minion to test our case studies (see Module 2)

Document Tags and Contributors

Contributors to this page: chrisdavidmills, SphinxKnight, coded9, juliamarie, khalid32
Last updated by: SphinxKnight