Samer Aoudi
Cybersecurity Simplified
Web Security

This course is focused on the security of dynamic, or data-driven, Web Applications. The book highlights common vulnerabilities, attack methods, and protection techniques. Learners will understand the fundamental problem inherent in web applications, with a focus on known weaknesses. The course also demonstrates how to discover and exploit security flaws with the objective of securing a web application against possible attacks.



Learning Outcomes
  1. Identify critical security risks to web applications
  2. Discover security flaws in web applications
  3. Use tools and techniques to attack web applications
  4. Perform a penetration test on a web application
Digital Book
Read
Full access to digital learning materials              
YouTube Channel
Watch
Dedicated YouTube Playlist for web application security
Apply
Apply your knowledge in a controlled lab environment
The E-textbook
Target Audience

Although this book can be used by people with different backgrounds, it is intended for those with an IT background. A web development background can help you better understand web application flaws and how attackers exploit them. This book can be used at any educational level, from technical high schools and community colleges to graduate students. Industry professionals can also use this book.

Edition

This is the first edition of the book, published on September 1, 2022.

Chapter Description

Chapter 1 - Web Application Fundamentals: This chapter introduces the World Wide Web and outlines important concepts related to web applications. Before getting into Web Security, the learner must have a solid understanding of the Web, as outlined in this chapter.
Chapter 2 - The Web Application Security Problem: Due to the open nature of the Web, it is both a subject and an object of security breaches and attacks. This chapter outlines the inherent security problem of Web Applications. The chapter introduces Web Application security standards including the top 10 known security flaws and vulnerabilities as defined by OWASP.
Chapter 3 - Identification, Authentication, and Access Control: Digital identity is the unique representation of a subject engaged in an online transaction. This chapter introduces digital identity along with its associated processes such as determining the validity of an identity claim (Authentication), and dictating who is authorized to access information resources (Access Control). This chapter explains security flaws associated with Identification, Authentication, and Access Control. Different attack vectors are presented, and prevention measures and techniques are outlined.
Chapter 4 - Cryptographic Failures: Sensitive Data, whether at Rest or in Transit, must be protected. Cryptography is the process of protecting information by encrypting it, so that only those for whom the information is intended can read and process it. Applications should be designed to still be secure even if cryptographic controls fail. We can achieve this by applying Defence in Depth. This chapter explains the root cause of sensitive data exposure, namely Cryptographic Failures. Different attack vectors are presented, and prevention measures and techniques are outlined.
Chapter 5 - Injection: Coming Soon.
Chapter 6 - Insecure Design: Coming Soon.
Chapter 7 - Security Misconfiguration: Coming Soon.
Chapter 8 - Vulnerable and Outdated Components: Coming Soon.
Chapter 9 - Software and Data Integrity Failures: Coming Soon.
Chapter 10 - Security Logging and Monitoring Failures: Coming Soon.
Chapter 11 - Server-Side Request Forgery: Coming Soon.

Legal

Some of the product names and company names used in this book have been used for identification purposes only and may be trademarks or registered trademarks of their respective organizations. The software tools and applications in this book are for instructional purposes only. They have been tested with care, but are not guaranteed for any particular intent beyond educational purposes. The author does not offer any warranties or representations, nor does he accept any liabilities with respect to the programs.
© 2022 Samer Aoudi

#cybersecurity #etextbook #websecurity #pentesting #onlinelessons
© Samer Aoudi 2005-2024