Bummer! This is just a preview. You need to be signed in with a Basic account to view the entire video.
Start a free Basic trial
to watch this video
Computer security covers everything from network security to cryptography to malware analysis, but web security lies at the heart of the field as more and more apps are deployed everyday. As web developers and engineering managers, the responsibility lies with you to educate your co-workers, write secure code, and protect the users and customers of your web applications.
Treehouse Courses
Introduction to Data Security
Introduction to Application Security
Networking Stacks:
-
0:00
[MUSIC]
-
0:09
Hi, welcome to Treehouse's course on the OWASP Top 10.
-
0:12
My name is Jared Smith.
-
0:14
And in this course, we're going on a journey to understand the Top 10 most
-
0:18
common web application vulnerabilities.
-
0:20
We'll explore their impact on natural Node.js and JavaScript app, and
-
0:24
discover how to mitigate them.
-
0:27
Before jumping into this course, you should have taken the Treehouse courses
-
0:30
on data security and introduction to application Insecurity.
-
0:34
These provide the foundation for several of the concepts we will discuss here.
-
0:38
You will find links to both courses and the teachers notes on this video's page.
-
0:42
Keep in mind, you don't need to be an expert in security to write secure code,
-
0:47
since security is as broad of a field as web development itself.
-
0:50
Security is extremely dynamic, since it can be applied to nearly any technology.
-
0:55
As shown here, security ranges up and down the modern networking stack.
-
0:59
When you we talk about security, you might be thinking if we're talking the physical
-
1:03
ones and zeroes running across the cable.
-
1:05
This would be very low level.
-
1:07
Or you might be thinking of protecting your web apps from malicious threats
-
1:10
intercepting traffic.
-
1:12
This will be at the application layer.
-
1:14
Regardless, it is important to realize the security is a very broad topic.
-
1:18
And we'll only be diving into the parts of security that lie
-
1:21
in the web protocols at the application layer of most modern networking stacks.
-
1:26
Web security concerns the security of websites, apps, APIs, and
-
1:30
services in general.
-
1:32
It covers a wide range of topics from writing secure code
-
1:35
to protecting them once they're already deployed in production.
-
1:38
On the modern web, security varies widely from site to site.
-
1:41
But in this course,
-
1:42
we're going to take a look at the Top 10 Vulnerabilities in Modern Web Apps.
-
1:46
From cross site scripting to database injection and
-
1:49
misconfiguration, we will cover the most significant issues out there today.
-
1:54
Our goal is for you to go beyond the basics, and
-
1:56
be able to mitigate existing and new security flaws.
-
1:59
This will allow you to make sure your sites, APIs, services, and
-
2:03
apps are resistant to attackers.
-
2:06
Without building and maintaining secure applications, your users are at risk,
-
2:10
and your company's assets may be on the line.
-
2:13
Within nearly every competent organization,
-
2:15
someone should be responsible for security.
-
2:18
And at least every developer should know the basics and be aware of what risks they
-
2:22
might be introducing into the code base with every feature and every bug fix.
-
2:27
No matter what your job at your company, organization, or even side project,
-
2:31
you should have security in mind when you deploy your web apps,
-
2:34
especially if you have active users.
-
2:36
By working together and
-
2:37
putting security first, we can all reduce the impact that data breaches and
-
2:42
attackers can cause to the users for whom we build our technology.
You need to sign up for Treehouse in order to download course files.
Sign up