Now that we have covered the basics of web security, keep all these principles and points in mind when developing web apps and securing existing web apps, and always be curious to learn more about what it takes to be secure.
- Web Security Dojo, which has many vulnerable applications and their docs included: Web Security Dojo
- Google Gruyere, by Bruce Leban, Mugdha Bendre, and Parisa Tabriz, another vulnerable web application, which you can do online without installing a VM: Web Application Exploits and Defenses
- OWASP Broken Web Applications Project
In this course, we've covered many of the fundamentals of web application security: authentication, authorization, TLS, compliance, patching strategies and more. While building your application, remember it starts with having a security-first mindset. Once you realize that security must be built into the applications from the ground up and not slapped on later, your efforts to protect your infrastructure will be easier. As you handle data within your applications and services, secure it at rest and in transit with TLS, using certificates which can be easily installed for free with services like Let's Encrypt or proxied through your site with Cloudflare. With your sites in production, maintaining their security requires a constant concern for the privacy and security of your users. You must stay on top of incoming updates and patches from third-party libraries and services, and continue to maintain compliance with government regulations.

As you move into learning more advanced concepts in web security, the Open Web Application Security Project, OWASP for short, is a great resource. A great place to start is with the OWASP Top Ten. This list of the most common web vulnerabilities and their associated fixes is worth studying in depth. There are also additional resources for more hands-on practice, including using vulnerable virtual machines. You can download these virtual machines and run them on your own computer. They include vulnerable applications which can be exploited by following the documentation. I have included these resources in the teacher's notes. Thank you for choosing to make the web a safer place for everyone.