Web Security and Privacy

  1. Core Web Technologies and Security Models
    1. HTTP Protocol
      1. HTTP Requests and Responses
        1. Request Structure
        2. Response Structure
        3. HTTP Methods
          1. GET
          2. POST
          3. PUT
          4. DELETE
          5. PATCH
          6. HEAD
          7. OPTIONS
        4. HTTP Headers
          1. Request Headers
          2. Response Headers
      2. Stateless Nature of HTTP
        1. Implications for Authentication
        2. Session Management
    2. HTTPS and Secure Web
      1. Role of SSL/TLS
        1. Encryption of Data in Transit
        2. Authentication of Server
      2. TLS Handshake Process
        1. Key Exchange
        2. Certificate Verification
        3. Session Establishment
      3. Certificate Authorities
        1. Root CAs
        2. Intermediate CAs
        3. Certificate Chains
        4. Trust Stores
    3. Web Architecture Components
      1. Client Browser
        1. Browser Rendering Engine
        2. Browser Extensions and Security
      2. Web Server
        1. Web Server Security
        2. Application Server Security
      3. Database
        1. Database Security Controls
        2. Secure Database Connections
      4. Proxies and CDNs
        1. Forward Proxies
        2. Reverse Proxies
        3. CDN Security Features
        4. Caching Implications for Security
    4. Browser Security Model
      1. Same-Origin Policy
        1. Definition and Purpose
        2. Origin Determination
          1. Scheme
          2. Host
          3. Port
      2. Cross-Origin Resource Sharing
        1. CORS Headers
        2. Preflight Requests
        3. CORS Misconfigurations
      3. Content Security Policy
        1. CSP Directives
        2. CSP Bypass Techniques
        3. Implementing CSP
      4. Sandboxing
        1. iframe Sandbox Attribute
        2. Limitations and Use Cases
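The "Origin Determination" entry under the Same-Origin Policy (scheme, host, port) is the one piece of this outline that reduces to a precise rule, so here is an added example, not part of the original outline, that computes the origin tuple the browser compares and checks a handful of constructed URL pairs against it. The `example.com` URLs and the function names are illustrative assumptions; the default-port table follows the URL standard (80 for http/ws, 443 for https/wss).

```javascript
// Added example (not part of the original outline): compute the origin
// tuple (scheme, host, port) that the Same-Origin Policy compares, and
// show which URL pairs a browser treats as same-origin.

// Default ports per scheme. The URL parser already drops an explicit
// default port, but normalising here keeps the rule visible: a URL that
// spells out ":443" is the same origin as one that omits it.
const DEFAULT_PORTS = { "http:": "80", "https:": "443", "ws:": "80", "wss:": "443" };

// Return the origin tuple for a URL. Path, query and fragment are
// deliberately ignored: they play no part in origin determination.
function originOf(urlString) {
  const u = new URL(urlString);
  const port = u.port !== "" ? u.port : (DEFAULT_PORTS[u.protocol] ?? "");
  return { scheme: u.protocol, host: u.hostname.toLowerCase(), port };
}

// Two URLs are same-origin only if all three components match exactly.
function sameOrigin(a, b) {
  const oa = originOf(a);
  const ob = originOf(b);
  return oa.scheme === ob.scheme && oa.host === ob.host && oa.port === ob.port;
}

// Serialise the tuple with the port made explicit, for logging or comparison.
function serializeOrigin(urlString) {
  const o = originOf(urlString);
  return `${o.scheme}//${o.host}:${o.port}`;
}

// Constructed URL pairs (not from the original page), one per component.
const CASES = [
  ["https://example.com/a", "https://example.com:443/b/c?x=1", true],  // default port; path and query ignored
  ["https://example.com", "http://example.com", false],               // scheme differs
  ["https://example.com", "https://api.example.com", false],          // host differs (a subdomain is a different origin)
  ["https://example.com", "https://example.com:8443", false],         // port differs
  ["https://Example.COM", "https://example.com", true],               // host comparison is case-insensitive
];

function runCases() {
  return CASES.map(([a, b, expected]) => ({ a, b, expected, actual: sameOrigin(a, b) }));
}

function allCasesPass() {
  return runCases().every((r) => r.expected === r.actual);
}

console.log(runCases());
```

The subdomain and port cases are the ones that trip people up in practice: `api.example.com` is not same-origin with `example.com`, and a service exposed on a non-default port is a distinct origin from the same host on 443, so any cross-origin read between them needs CORS rather than relying on the SOP to allow it.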