web-security

Stage#2. Web Security

Module Overview 📚

This module introduces students to the fundamentals of web security. It aims to provide an in-depth understanding of securing web applications against common threats. The module covers a range of topics from API Security Best Practices to Authentication and Authorization methods.

Learning Objectives 🎯

Students will:

• Understand the importance of API security best practices including rate limiting, input validation, and error handling.
• Learn about Authentication and Authorization methods such as Basic Auth, OAuth, and JWT, along with best practices for secure authentication over HTTP/HTTPS.

Approximate Module Completion Time ⏱️

• 4 hours

Theory 📖

Students are encouraged to study the following resources:

• Web Application and API Security:

  • Security on the Web
  • Website Security
  • OWASP Top 10 API Security Risks – 2023
  • The Fundamentals of Rate Limiting

• Authentication and Authorization:

  • Authorization
  • HTTP authentication
  • An Introduction to OAuth 2
  • Introduction to JSON Web Tokens

• Cheat Sheets:

  • Input Validation Cheat Sheet
  • Authorization Cheat Sheet
  • Authentication Cheat Sheet

Practice 💻

• Complete the test "[St2] Web Security" in the RS-App > Auto Test.

Additional Resources 📘

Expand your knowledge with these additional materials:

• Web Application and API Security:

  • JavaScript Web Application Secure Coding Practices
  • API Tokens: A Tedious Survey
  • The Beginner’s Guide to Passwords

• Authentication and Authorization:

  • Authentication vs Authorization
  • OAuth 2 Simplified
  • OAuth 2.0 in Plain English
  • Tutorial: How OAuth 2 works with real world example
  • JSON Web Tokens (JWT) — the only explanation you will ever need

• Cheat Sheets:

  • Web Security Cheat Sheet
  • Cross Site Scripting Prevention Cheat Sheet
  • Content Security Policy Cheat Sheet
  • Clickjacking Defense Cheat Sheet
  • DOM Clobbering Prevention Cheat Sheet
  • DOM based XSS Prevention Cheat Sheet