Why We Should Care About Web Security

[MUSIC] 0:00 Hi, welcome to Treehouse's course on the OWASP Top 10. 0:09 My name is Jared Smith. 0:12 And in this course, we're going on a journey to understand the Top 10 most 0:14 common web application vulnerabilities. 0:18 We'll explore their impact on natural Node.js and JavaScript app, and 0:20 discover how to mitigate them. 0:24 Before jumping into this course, you should have taken the Treehouse courses 0:27 on data security and introduction to application Insecurity. 0:30 These provide the foundation for several of the concepts we will discuss here. 0:34 You will find links to both courses and the teachers notes on this video's page. 0:38 Keep in mind, you don't need to be an expert in security to write secure code, 0:42 since security is as broad of a field as web development itself. 0:47 Security is extremely dynamic, since it can be applied to nearly any technology. 0:50 As shown here, security ranges up and down the modern networking stack. 0:55 When you we talk about security, you might be thinking if we're talking the physical 0:59 ones and zeroes running across the cable. 1:03 This would be very low level. 1:05 Or you might be thinking of protecting your web apps from malicious threats 1:07 intercepting traffic. 1:10 This will be at the application layer. 1:12 Regardless, it is important to realize the security is a very broad topic. 1:14 And we'll only be diving into the parts of security that lie 1:18 in the web protocols at the application layer of most modern networking stacks. 1:21 Web security concerns the security of websites, apps, APIs, and 1:26 services in general. 1:30 It covers a wide range of topics from writing secure code 1:32 to protecting them once they're already deployed in production. 1:35 On the modern web, security varies widely from site to site. 1:38 But in this course, 1:41 we're going to take a look at the Top 10 Vulnerabilities in Modern Web Apps. 1:42 From cross site scripting to database injection and 1:46 misconfiguration, we will cover the most significant issues out there today. 1:49 Our goal is for you to go beyond the basics, and 1:54 be able to mitigate existing and new security flaws. 1:56 This will allow you to make sure your sites, APIs, services, and 1:59 apps are resistant to attackers. 2:03 Without building and maintaining secure applications, your users are at risk, 2:06 and your company's assets may be on the line. 2:10 Within nearly every competent organization, 2:13 someone should be responsible for security. 2:15 And at least every developer should know the basics and be aware of what risks they 2:18 might be introducing into the code base with every feature and every bug fix. 2:22 No matter what your job at your company, organization, or even side project, 2:27 you should have security in mind when you deploy your web apps, 2:31 especially if you have active users. 2:34 By working together and 2:36 putting security first, we can all reduce the impact that data breaches and 2:37 attackers can cause to the users for whom we build our technology. 2:42