Web Security Training

Navigating the web security landscape


Web Security Essentials - Follow-up

I hope you enjoyed the Web Security Essentials course. I'm sure you already learned a lot about web security, common attacks and their defenses. This page offers you further reading material, and links to useful resources.

We send out a bi-weekly newsletter on web security, so if you want to stay up to date, subscribe to our mailing list using the button below.

As an overall introduction, I can highly recommend Mike West's (Google) keynote speech about Hardening the Web Platform. The links below are grouped per module that we covered in the training.

Keep your business private by securing the communication channel

The following resources contain a bit more information about the topics we covered during the course.

Below you will find a few pointers to related HTTPS topics.

Confirm your user’s identity with strong authentication

The pointers below explain a few topics from the course in a lot more detail.

  • An overview of the biggest data breaches over time

  • A blog post about the advantages of the YubiKey

  • The FIDO U2F security reference, which clearly gives an overview of the threats U2F counters.

  • Practical advice on addressing the top challenges with implementing U2F-based multi-factor authentication.

  • A description of Facebook's delegated recovery mechanism

  • An example of a brute-force attack in practice, worth $5000 in bug bounties

These resources give a bit of context to what we covered in the course.

  • A detailed account of how Dropbox goes out of its way to store your passwords securely.

  • A guide from the Belgian government about choosing safe passwords.

Avoid authorization bypasses by locking down your sessions

Further reading material on authorization and session management

Why modern security technologies will eradicate Cross-Site Scripting

Additional information on Cross-Site Scripting and Content Security Policy can be found below.

A few practical resources and tools to combat XSS attacks