Security Compass Technologies
Defending Web Applications Course Overview
Pages: 3
Time to read: 3 mins
Language: English
This document is a course outline for 'Defending Web Applications,' designed for Web Application Developers with a foundational understanding of AppSec Fundamentals and the OWASP Top 10. The course aims to provide best practices for securing web applications through various defense mechanisms integrated into code. It begins with web infrastructure security, covering TLS, CA certificates, and firewall configurations. The course then addresses authentication and authorization, detailing password attacks, multi-factor authentication, and privilege escalation. Following this, session management is discussed, focusing on vulnerabilities and security measures. Secure account management is also covered, including user enumeration and CSRF attacks. Data validation is emphasized, with topics such as input/output encoding and SQL injection defenses. Finally, the course concludes with monitoring and logging practices, including tools for tracking web application security. The total duration of the course is approximately 120 minutes.