Security is all about defense in depth: applying layer upon layer of security controls such that any one single failure does not lead to a compromise of the application. One layer is the browser itself, which is becoming increasingly intelligent when implementing defenses. Security headers are a way of telling the browser how a website may behave when it's loaded into the client, providing numerous defenses against a variety of attacks. This course walks through essential security headers that provide a greater level of defense for web applications. Students will review how they're intended to work, what attacks they protect against, and how to implement them in your website.
- Browser Security Headers
- HTTP Strict Transport Security (HSTS)
- HTTP Public Key Pinning (HPKP)
- Content Security Policy (CSP)
- Tools for Working with Browser Headers