Web Security Foundations

Web Security Foundations

The Cyber Security module is intended to be an introduction to the key concepts of Cyber Security. Students will learn the mindset, discipline, and methods for securing a software project. This course is designed to be useful and accessible to application developers, QA testers, operations teams, and leadership who want to understand how to have conversations and make decisions around application security. You will complete this course with both a theoretical model and specific technical knowledge.


Objectives of this module are

  • Introduction to Security
  • Network Topologies
  • Trust Boundaries, Input/Output Scrubbing
  • Resources, Authentication, Access Controls, OAuth
  • Application Attack Vectors: privilege escalation, SQL, file uploads, XSS, CSRF
  • Development Practices: SSH, SFTP, private keys, passwords, auth tokens
  • Hosting Options and Security
  • Network Stack - Deep Dive
  • Protocol/OS attack vectors: DOS, failure to encrypt, SSL vulnerabilities
  • Software Updates, Firewalls, Rate limiting
  • Security Standards: PII, SPI, HIPAA, PCI
  • Encryption: data at rest, in transit, hashing/salting passwords
  • Internal Attack Vectors: social engineering, phishing
  • Security Community - OWASP, CVEs, WHID, Veris, how to be watchful
  • What to do if you get hacked

Mastery Project
  • No Project, Exam Only
Core Technologies
  • Wireshark, cURL, Chrome Devtools
Operating System Requirements
  • Windows 7+, OSX 10+, Linux
Target Average Time to Complete Course
  • 20 Hours
arrow down select Back to courses