Heads up! To view this whole video, sign in with your Courses account or enroll in your free 7-day trial. Sign In Enroll

Introduction to Application Security

Well done!

You have completed Introduction to Application Security!

Sign up for Treehouse Back to Library

Next Steps

1:50 with Alena Holligan and Jared Smith

Now that we have covered the basics of web security, keep all these principles and points in mind when developing web apps and securing existing web apps, and always be curious to learn more about what it takes to be secure.

Practice

Further Reading

Vulnerable VMs:

  • Web Dojo, which has many vulnerable applications and their docs included: Web Security Dojo
  • Google Gruyere, by Bruce Leban, Mugdha Bendre, and Parisa Tabriz, another vulnerable web application, which you can do online without installing a VM: Web Application Exploits and Defenses

Security challenges: Websites with online challenges to hack into apps, exploit JavaScript, and break cryptography problems:
https://www.hackthissite.org/
https://overthewire.org/wargames/

Related Discussions

Have questions about this video? Start a discussion with the community and Treehouse staff.

Sign up

    Related Discussions

    Have questions about this video? Start a discussion with the community and Treehouse staff.

    Sign up

    In this course, we've covered many of the fundamentals of web application security, 0:00
    authentication, authorization, TLS, compliance, patching strategies and more. 0:05
    While building your application, 0:12
    remember it starts with having a security first mindset. 0:14
    Once you realize that security must be built 0:18
    into the applications from the ground up and not slapped on later, 0:20
    your efforts to protect your infrastructure will be easier. 0:25
    As you handle data within your applications and 0:29
    services, secure it at rest and 0:31
    in transit with TLS, using certificates which can be easily installed for 0:34
    free with services like Let's Encrypt or proxied through your site with Cloudflare. 0:38
    With your sites in production, maintaining there security requires a constant 0:45
    concern for the privacy and security of your users. 0:50
    You must stay on top of incoming updates and patches from third party libraries and 0:53
    services. 0:58
    And, continue to maintain compliance with government regulations. 0:59
    As you move into learning more advanced concepts in web security, 1:04
    the open application security project, OASP for short, is a great resource. 1:08
    A great place to start is with the OASP top ten. 1:14
    This list of all the most common web vulnerabilities and 1:17
    their associated fixes Is worth studying in depth. 1:21
    There are also additional resources for 1:24
    more hands on practice, including using vulnerable, virtual machines. 1:27
    You can download these virtual machines, and run them on your own computer. 1:32
    They include vulnerable applications which can be exploited 1:36
    by following the documentation. 1:40
    I have included these resources in the teachers' notes. 1:41
    Thank you for choosing to make the web a safer place for everyone. 1:46

    You need to sign up for Treehouse in order to download course files.

    Sign up

      You need to sign up for Treehouse in order to set up Workspace

      Sign up