• Online, Self-Paced
Course Description

Security is all about defense in depth: applying layer upon layer of security controls so that no single failure leads to a compromise of the application. One layer is the browser itself, which is becoming increasingly intelligent about implementing defenses. Security headers are a way of telling the browser how a website may behave when it's loaded into the client, providing numerous defenses against a variety of attacks. This course walks through essential security headers that provide a greater level of defense for web applications. Students will review how the headers are intended to work, what attacks they protect against, and how to implement them in a website.

Learning Objectives

  • Browser Security Headers
  • HTTP Strict Transport Security (HSTS)
  • HTTP Public Key Pinning (HPKP)
  • Content Security Policy (CSP)
  • Tools for Working with Browser Headers

Framework Connections

The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):

Specialty Areas

  • Software Development