1 00:00:00,000 --> 00:00:04,833 [MUSIC] 2 00:00:04,833 --> 00:00:08,460 Welcome I'm Alena, a teacher here at Treehouse. 3 00:00:08,460 --> 00:00:12,930 Whatever your language of choice, PHP, .NET, JavaScript, 4 00:00:12,930 --> 00:00:18,850 Python, Java or any other language, security is for everyone. 5 00:00:18,850 --> 00:00:22,890 In this course, we're going to learn about some of the most important web security 6 00:00:22,890 --> 00:00:27,410 fundamentals, including HTTPS, authentication and 7 00:00:27,410 --> 00:00:30,540 authorization, patch management, and compliance. 8 00:00:31,570 --> 00:00:35,320 Each of these topics is a focus in the field of web security. 9 00:00:35,320 --> 00:00:38,490 Which falls beneath the larger umbrella of security in general. 10 00:00:39,500 --> 00:00:44,080 Security in general, however, can be applied to nearly any technology. 11 00:00:44,080 --> 00:00:49,000 As shown here, security ranges up and down the modern networking stack. 12 00:00:49,000 --> 00:00:53,340 When we think of security, we may think of protecting the physical 1s and 13 00:00:53,340 --> 00:00:57,650 0s running across the cable, which would be a very low level. 14 00:00:57,650 --> 00:01:00,930 Or, we may think of protecting our web applications 15 00:01:00,930 --> 00:01:05,810 from bad people intercepting traffic, which would be at the application level. 16 00:01:07,000 --> 00:01:12,410 Regardless, it's important to realize that security is a very broad topic. 17 00:01:12,410 --> 00:01:17,080 We'll only be diving into the parts of security that lie in the web protocols 18 00:01:17,080 --> 00:01:20,175 at the application layer of most networking stacks. 19 00:01:21,480 --> 00:01:24,870 Web security concerns the security of websites, 20 00:01:24,870 --> 00:01:28,520 applications, APIs and services in general. 21 00:01:28,520 --> 00:01:32,630 It covers a wide range of topics from writing secure code 22 00:01:32,630 --> 00:01:35,270 to protecting your applications once they're deployed. 23 00:01:36,390 --> 00:01:40,730 On the modern web, security varies widely from site to site. 24 00:01:40,730 --> 00:01:42,950 Our goal is to teach you the basics. 25 00:01:42,950 --> 00:01:47,350 And insure that you have the ability to explore more advance concepts 26 00:01:47,350 --> 00:01:52,000 that will allow you to secure your sites, APIs, services, and 27 00:01:52,000 --> 00:01:55,340 applications against malicious entities. 28 00:01:55,340 --> 00:02:00,030 Without building and maintaining secure applications, your users are at risk, and 29 00:02:00,030 --> 00:02:03,030 your company's assets maybe vulnerable. 30 00:02:03,030 --> 00:02:06,100 Within nearly every competent organization, 31 00:02:06,100 --> 00:02:08,290 someone should be responsible for security. 32 00:02:09,500 --> 00:02:13,410 And at least every developer should know the basics. 33 00:02:13,410 --> 00:02:17,350 As developers, we should be aware of the potential vulnerabilities 34 00:02:17,350 --> 00:02:22,620 introduced into the code base with each feature and every bug fix. 35 00:02:22,620 --> 00:02:27,700 No matter what your job at your company, organization, or even side project, 36 00:02:27,700 --> 00:02:31,930 you should have security in mind when you deploy your web applications. 37 00:02:31,930 --> 00:02:34,850 Especially if you have users you wish to protect. 38 00:02:35,960 --> 00:02:40,940 By working together and putting security first, we can all reduce the impact 39 00:02:40,940 --> 00:02:44,680 that data breaches and malicious entities cause to our users.