What Every Developer Must Know About HTTPS

By Troy Hunt
HTTPS is an essential component of any software running on the web. This course teaches developers how to get their apps talking securely over the web, while avoiding the common pitfalls so many sites fall victim to.
Play course overview
Course info
Rating
(285)
Level
Beginner
Updated
Apr 12, 2017
Duration
3h 25m
Table of contents
Course Overview
Course Overview 2m
The HTTPS Value Proposition
Overview 3m The Rise and Rise of HTTPS 4m Understanding a Man in the Middle Attack 7m The Importance of Confidentiality 3m The Importance of Integrity 3m The Importance of Authenticity 4m Abuses of Unencrypted Traffic Are Everywhere 3m The (Perceived) Barriers to HTTPS 4m The Big Browser Shift 5m Summary 3m
HTTPS Fundamentals
Overview 2m Certificate Authorities 7m SSL and TLS 4m The TLS Handshake 2m Issuing Certs for Development 3m Intercepting HTTPS Traffic During Debugging 6m Using badssl.com 2m Summary 2m
Securing the Application
Overview 2m Redirecting from HTTP to HTTPS 7m HTTP Strict Transport Security (HSTS) 5m Preloading HSTS 7m Understanding Mixed Content 9m Using a CSP to Upgrade or Block Insecure Requests 7m Secure Cookies 4m Summary 3m
Overcoming (Perceived) Barriers to HTTPS
Overview 2m The Impact of HTTPS on Server Performance 5m Making HTTPS Go Fast on Clients 7m HTTPS Adoption of Downstream Services 6m Cost and Complexity 4m Using Let’s Encrypt for Free 10m Using Cloudflare for Free 11m Summary 3m
Beyond the Basics
Overview 2m TLS and HTTPS Acronyms 5m Public Key Pinning 6m SSL Labs 7m Extended Validation Certificates 6m Other Reasons to Adopt HTTPS 5m HTTPS Blind Spots 5m The Tide Is Rapidly Turning 3m Summary 3m
Description
Course info
Rating
(285)
Level
Beginner
Updated
Apr 12, 2017
Duration
3h 25m
Description

Securing the transport layer of any application talking over the web is becoming an absolutely essential attribute of modern software. However, HTTPS is frequently not implemented due to perceived (rather than actual) barriers and when it is, it's often done poorly. Not only that, but many modern browser features that can help streamline secure communications (and actually make it more efficient and resilient) are rarely used. In this course, What Every Developer Must Know About HTTPS, you will learn all about why you need HTTPS. First, you'll learn the many positive things that HTTPS does. Next, you'll learn about what many people perceive as barriers to HTTP adoption. Finally, you'll spend some time exploring some topics that go outside of the the basics of HTTPS. By the end of this course, you'll have a fundamental knowledge to both implement HTTPS properly from the outset and retrofit it to existing applications.

About the author
Troy Hunt
About the author

Troy Hunt is a Microsoft Regional Director and MVP for Developer Security. He's a regular conference speaker, frequent blogger at troyhunt.com and is the creator of the data breach notification service known as “Have I Been Pwned”.

More from the author
Ethical Hacking: Denial of Service
Beginner
2h 50m
Sep 17, 2019
Ethical Hacking: SQL Injection
Beginner
5h 26m
Sep 16, 2019
Ethical Hacking: Session Hijacking
Beginner
3h 28m
Sep 16, 2019
More courses by Troy Hunt
Section Introduction Transcripts
Section Introduction Transcripts

Course Overview
Hi, this is Troy Hunt, and welcome to my course on what every developer must know about HTTPS. I've created dozens of plural site courses over the years on all sorts of aspects of web security, so I spend a huge amount of my time doing that and traveling around the world talking to developers in all sorts of different organizations about how to secure their things on the web. Some of the things you'll learn in this course is why we need HTTPS. We run through a bunch of the fundamentals, about all sorts of different positive things that HTTPS does before we dive into what you actually need to do to secure your apps. You'll also learn about what many people perceive as barriers, so HTTPS adoption, and then you'll see why they simply don't apply anymore. I go through a lot of examples in industry precedents that will contextualize just why HTTPS is so important. You'll see where it's all gone wrong before and learn how to implement this essential security defense properly. By the end of this course, you'll be all set to roll out HTTPS in your app, and if you already have it, you'll almost certainly learn a bunch of new tricks to make it faster, more secure, and more reliable. No matter what platform you're working on, this is a great course for learning everything you need to know as a developer about properly implementing HTTPS.

You're the smartest person in the room

PROVE IT

Your team won't just close the skills gap

THEY'LL HURDLE IT