Securing a web application is hard, but it’s also extremely important. There is so much to learn, and the learning curve is so steep, that newcomers to web development are often overwhelmed when they look at all that goes into making a simple login authenticated website.
I made this crash course because I too faced a lot of trouble in learning and implementing most of the security features that come with standard web applications. This was because most of the resources on these topics are scattered and explained in a way not suitable for people just getting started.
This course (read: series of 7 blog posts) is aimed at newcomers who want to get up to speed with some of the most basic and important concepts like password management, session cookies, and some of the most common types of attacks. All posts are kept short, contain examples, and can be completed in a few days.
So, here it is :
- Sessions and cookies
- Password storage
- CORS (Cross origin resource sharing)
- XSS (Cross site scripting)
- CSRF (Cross site request forgery)
- SQL Injection
- Human Error and UI/UX design
These topics are compiled based on my experience in web development. If you have any feedback on a topic that is not covered, let me know in the comments!