In a world where cybersecurity threats are more prevalent than ever, understanding how to safeguard your web applications is of paramount importance.
Brandon teaches this course. He is an engineer at Semgrep and teaches at Carnegie Mellon University. Semgrep provided a grant that made this course possible.
To make it interesting and fun, the video is presented in a quiz format. You will see a small code snippet and be asked to find the vulnerabilities. Then you will learn about the vulnerabilities and how to fix them.
Regular expression denial of service (ReDoS) attacks are also discussed, demonstrating how complex regular expressions can potentially lead to service disruption. The course illustrates how to prevent this by leveraging efficient libraries instead of creating intricate regular expressions.
The course then shifts focus to Docker and the potential security misconfigurations that can occur within Dockerfiles. You will learn the importance of not granting root privileges within Docker images to prevent disastrous consequences.
One of the critical lessons in this course is the dangers of hard-coded credentials within application code. The course shows the benefits of using environment variables to store sensitive data, which enhances security and makes it easier to manage secrets.
Finally, the course concludes with an insight into host header injection attacks. You will learn to avoid using host headers from user requests, which can be manipulated to generate malicious URLs.
This comprehensive course is designed to provide developers with a solid understanding of common web application vulnerabilities and how to prevent them. By learning to identify these vulnerabilities and implement secure coding practices, participants will be better equipped to build robust and secure web applications.
Watch the full course on the freeCodeCamp.org YouTube channel (30 minute watch).