Web Application Security
The security every engineer must know. OWASP Top 10, XSS, SQL injection, CSRF, broken auth, insecure dependencies, input validation, and building secure applications by default.
Fundamentals (Topics 1–10)
- OWASP Top 10 Overview
- SQL Injection (SQLi)
- Cross-Site Scripting (XSS)
- Cross-Site Request Forgery (CSRF)
- Broken Access Control
- Security Misconfiguration
- Cryptographic Failures
- Insecure Dependencies (SCA)
- Security Logging & Monitoring
- Input Validation Principles
Intermediate (Topics 11–20)
- Authentication Attacks & Defences
- Session Management
- Secure Cookie Attributes
- CORS Configuration
- Content Security Policy (CSP)
- HTTP Security Headers
- Password Hashing (bcrypt/Argon2)
- JWT Security Pitfalls
- File Upload Security
- SSRF (Server-Side Request Forgery)
Advanced (Topics 21–30)
- Business Logic Vulnerabilities
- Race Conditions
- Path Traversal & Directory Listing
- XML External Entity (XXE)
- Deserialization Vulnerabilities
- GraphQL Security
- WebSocket Security
- OAuth 2.0 Security
- Subdomain Takeover
- Second-Order Injection
Production (Topics 31–40)
- SAST & DAST in CI
- Dependency Scanning
- Secrets Detection
- Security Headers Audit
- WAF Configuration
- Penetration Testing Basics
- Vulnerability Disclosure Policy
- Bug Bounty Programs
- Security Incident Response
- Compliance (SOC 2/GDPR/PCI-DSS)