Play by Play: Modern Web Security Patterns
By Lars Klint and Troy Hunt
Course info
Course info
Description
Play by Play is a series in which top technologists work through a problem in real time, unrehearsed, and unscripted. In this course, Play by Play: Modern Web Security Patterns, Troy Hunt and Lars Klint investigate current security web approaches and trends with real world examples, and then dive into how these incidents and errors can be fixed with easy to use techniques. Learn how subresource integrity checking can validate assets, content security policies in action and learn how to configure them, and get crucial knowledge on how important HTTPS is and some of the tools you can use to test your site. By the end of this course, you’ll have all the tools you need to learn about how you can secure your web assets, with the Modern Web Security Standards.
About the author
Lars is an author, trainer, Microsoft MVP, community leader, authority on all things Windows Platform, and part time crocodile wrangler. He is heavily involved in the space of HoloLens and mixed reality, as well as a published Pluralsight author, freelance solution architect, and writer for numerous publications.
More from the author
About the author
Troy Hunt is a Microsoft Regional Director and MVP for Developer Security. He's a regular conference speaker, frequent blogger at troyhunt.com and is the creator of the data breach notification service known as “Have I Been Pwned”.
More from the author
Section Introduction Transcripts
Course Overview
(Introduction) Hi everyone. This is Troy Hunt. And I'm Lars Klint. And welcome to our Play by Play on Modern Web Security Standards. I'm an Australian Pluralsight author and security specialist, and I've got a passion for helping people secure their web assets. And I'm a freelance solution architect at larsklint. com, Microsoft MVP, speaker, instructor, and expert in mixed reality development and Australian Outback internet. I've been building software systems from tiny websites to gargantuan telecommunication systems for the past 20 years. In this course, we will investigate current web security approaches, trends, and real-world examples. So we're going to look at some of the places where we have gone wrong with web security in the past, and talk about how we can fix them with modern web security standards. Learn how resource integrity checking can validate assets such as JavaScript files served by a third party and how it can make your website run smoother and faster. We look at how the browser XSS auditors work and what they do to protect visitors to our websites, we optimize our HTTPS themes. HTTPS is enormously important, and there's lots of ways we can get it wrong, as well as lots of cool tricks to make it better. And one of my favorite things, how to enable your visitors' browsers to automatically send you vulnerabilities that might occur in your site by using the report URI feature. But that isn't all. You'll also get crucial knowledge on how important HTTPS is and some of the tools you can use to test your site. We discuss advantages and disadvantages of HTTP public key pinning, certificate authority authorization, and finally, how you need to apply common sense to a lot of the security hype and fear. To complete the course, all you need is an open mind, an understanding of the internet, and the next hour and a bit to watch this course. I hope you'll join us on this journey to learn about how you can secure your web assets, with the Modern Web Security Standards Play by Play, here at Pluralsight.