Become a More Secure Programmer by Learning How to Find and Fix Security Bugs
It seems like every few months we hear about a new data breach where millions of credit card numbers or passwords get into the hands of the bad guys. Why does this happen so often? It isn’t because the bad guys or gals are uberleet ninjas who can take down an application in thirty seconds. While some of those super hackers might exist, they’re so good that they wouldn’t even get noticed. No, these security breaches happen because programmers often develop software that contains security holes or runs on an unsecured infrastructure. The newest O’Reilly School course, Introduction to Web Application Security, focuses on the fundamentals of writing secure software.
In this web security course, we focus on application security issues that tend to affect the most applications. The vast majority of issues boil down to just a few types. While I don’t touch on every type of security vulnerability, the course does cover the major categories, giving the student broader knowledge that can be applied to other security issues. User experience issues, performance problems and other bug types can become security bugs if an attacker finds a way to leverage those problems maliciously. If developers write code that is more secure, attacks are less likely to succeed and the user has a better experience.
In this course, you will build a simple web application, then test and find security problems in these and other areas:
– Common flaws with authentication and authorization
– Output encoding, including issues like cross-site scripting and SQL injection
– The many different ways to handle validating input and why some approaches are better than others
– How to store passwords securely and the theory behind different methods
– How to store user input in different file formats
While this web security course is focused on web applications, the skills you’ll learn can be applied to all other types of applications, such as n-tiered, mobile, and backend services. Much of security testing involves viewing a target and thinking about ways to break it. This course will teach you to look at applications like a potential hacker, as well as a solid and secure programmer.
For more information on our Introduction to Web Application Security course, please contact our most excellent Student Services team at firstname.lastname@example.org or (707) 827-7288.