Frequently, the first thing a developer knows of a serious security flaw in their application is when it’s too late and it’s already been exploited. There’s a broad range of security risks and corresponding mitigations within web applications, and it’s absolutely essential that developers learn how to identify these themselves. This course walks through a typical security review of an established web application and identifies which practices have been done well and which ones could be improved. It’s a technology-agnostic course – it doesn’t matter whether you work in ASP.NET or Node or PHP, this is all about the web and applies equally to all apps that run in the browser.
Lars is an author, trainer, Microsoft MVP, community leader, authority on all things Windows Platform, and part-time crocodile wrangler. He is heavily involved in the space of HoloLens and mixed reality, as well as a published Pluralsight author, freelance solution architect, and writer for numerous
Troy Hunt is a Microsoft Regional Director and MVP for Developer Security. He's a regular conference speaker, frequent blogger at troyhunt.com and is the creator of the data breach notification service known as “Have I Been Pwned”.
Secure Account Management

Hi. I'm Lars Klint. I'm a developer and author with Pluralsight and I'm here today with Troy Hunt that I've asked to do a security review of an application that we've done at the company I work for. So thanks Troy for having a look at this app and then giving it, well, your treatment.

Yeah, thanks Lars. Yeah, we've given it a little bit of a treatment and look what I've done and what we're going to do today is pretty much what I do for any app where someone says look we want to have a security review, we want to go through and see how the thing is put together and where the sort of common vulnerabilities are. So that's what I've done for you and we're going to go through that whole process today.

So should I be excited or scared?

Yes. A little bit of both. So maybe where we should start is just a little bit of context, what does this app do?