
edX: Web Security Fundamentals

with Philippe De Ryck
Class Central Course Rank
#2 in Subjects > Computer Science > Cybersecurity

Web applications are inherently insecure, as aptly illustrated by a pile of recent events. Insecurity is however not fundamental to the web platform. As a matter of fact, the modern web offers a variety of powerful security features that help stop a hacker. Unfortunately, not many developers have the knowledge and skills to leverage these security features to their full potential.

This course is imperative for understanding the fundamental security principles of the web. The course provides an overview of the most common attacks, and illustrates fundamental countermeasures that every web application should implement. In essence, this course offers you the knowledge and skills to build better and more secure applications.

This MOOC will introduce you to the web security landscape. Throughout the course, you will gain insights into the threats that modern web applications face. You’ll build an understanding of common attacks and their countermeasures; not only in theory, but also in practice. You’ll be provided with an overview of current best practices to secure web applications.

Although no previous security knowledge is necessary to join this course, it will help to be familiar with the basic concepts behind web applications, including HTTP, HTML, and JavaScript.

Syllabus

Week 1: Is security an illusion?

Introduction to the web security landscape, and an overview of the most relevant threats. Understanding the security model of the web, and the recent evolution towards client-centric security.

Week 2: Securing the communication channel
Understanding the dangers of an insecure communication channel. Practical advice on deploying HTTPS, and dealing with the impact on your application. Insights into the latest evolutions for HTTPS deployments.

Week 3: Preventing unauthorized access
Understanding the interplay between authentication, authorization and session management. Practical ways to secure the authentication process, prevent authorization bypasses and harden session management mechanisms.

Week 4: Securely handling untrusted data
Investigation of injection attacks over time. Understanding the cause behind both server-side and client-side injection attacks. Execution of common injection attacks, and implementation of various defenses.

Week 5: Conclusion
Putting the contents of this course into perspective, and relating it back to the most relevant threats from the introduction. Overview of current best practices for building secure web applications.

13 Student reviews
Cost: Free Online Course
Pace: Self Paced
Subject: Cybersecurity
Institution: KU Leuven University
Provider: edX
Language: English
Hours: 4-6 hours a week
Calendar: 5 weeks long


Reviews for edX's Web Security Fundamentals
4.3 Based on 13 reviews

  • 5 stars 77%
  • 4 stars 8%
  • 3 stars 0%
  • 2 stars 0%
  • 1 star 15%

4.0 4 months ago
by Richard Hornsby completed this course, spending 7 hours a week on it and found the course difficulty to be medium.
TL;DR: Overall, I strongly recommend this course to web application developers and their ops/security partners. The course doesn't simply present a bunch of major weaknesses in web apps and then throw up its hands, but rather presents each vector in detail and shows you how to mitigate or eliminate the problem. This includes discussing the relative merits of different mitigation strategies, and raising awareness of the consequences to users.

--

I've been in the industry, primarily working on or around web applications for years. There were a lot of things I still learned. The instructor takes security challenges that every web application (whether dev or ops side) veteran knows about - XSS, CSRF, injection attacks - and dives into them using easy to understand animations, and the same Java-based web application as an example throughout the course.

There's virtually no setup or configuration required to run the example application. You download a single VirtualBox VM, and all the tools you need are already installed for the entire course.

The course material and real-world examples are current up to and including a mention of this summer's Equifax fiasco in the United States. He interviews experts in the field to get their perspective - almost like a guest in a lecture.

There were two things about the course I wish would have been a little better:

- The beersafe web application is written in Java, and in a couple of the lab assignments it seems like there's an assumption of Java programming knowledge. Reading a language like Java is one thing (if you can read 2 or 3 or 4 coding languages you can more or less make enough sense of any of them to figure out generally what's going on), but writing Java can get overwhelming quickly if you don't have a background or haven't done it in a long time. There are a couple of places where the lab explanation assumes you know the deeply nested directory structure of a Java application, but that's easily corrected by amending the instructions.

- Occasionally, a test question is very confusing with multiple choice answers whose difference exists almost entirely in semantics. It is occasionally left to the student to get into the instructor's head to figure out the answer - the question behind the question if you will.

In one case, the question wants you to choose the more specific answer than the question would indicate, and in another the question is looking for the more general answer even though the question is worded very specifically. To be fair, this challenge is not unique to this course. It's how I find many of these CBT tests end up working.

Neither of these two things should dissuade you from taking the course. It's vitally important material, and obvious that the instructor put a lot of work into making the course informative and relevant.
1.0 a month ago
Anonymous partially completed this course, spending 6 hours a week on it and found the course difficulty to be very hard.
I don't know about the other reviewers, but this course was very different than I expected. It went too fast and was too hard!
5.0 4 months ago
Anonymous completed this course.
An absolutely challenging course. It is longer than it seems at the beginning because you have to go deep into the related material and the links provided in the extended information to fully understand the concepts. The labs are well planned and help to further understanding. The questions are more difficult than other courses in edX because you have to think and understand the concepts rather than memorize the theory. Finally, the professor is a specialist and passionate about his job and transmits this passion and knowledge to the students. This course is a "must do" for every web developer and also for system administrators.
5.0 4 months ago
Anonymous completed this course.
This is one of the highest quality courses I'm taking on edX both teaching-wise as well as excellent video, sound, and slide quality. Even though not all of the material might be news for web developers, I gained valuable insights and it also motivated and gave me the right tools and starting points to dive deeper into certain topics. The interviews with industry pros were a great addition.
5.0 2 weeks ago
Anonymous completed this course.
The course lectures are concise and well prepared. Especially enjoyed the lab sessions giving hands-on experience with different security concepts, as well as guest interviews. The tests are not easy and composed in a way that promotes deeper understanding of the material. Great professionally crafted course!
5.0 2 months ago
by Vikram Hegde completed this course, spending 6 hours a week on it and found the course difficulty to be hard.
Very challenging (for me at least) but it was an excellent course. I was never taught a lot of this stuff in school (either for Undergrad or Master's) so I'm glad I took this course. I think it contains a lot of essential information for web developers. I highly recommend it.
5.0 2 months ago
by Juan Carlos Saavedra completed this course and found the course difficulty to be hard.
Simply excellent!!! In my opinion, this is one of the best MOOCs I have ever studied. Maybe, some of the tests were a bit tricky on some occasions. Honestly, I did not have much free time; however, it was so interesting that I had no doubt about going ahead and finishing it.
5.0 3 months ago
Jader Santos completed this course, spending 6 hours a week on it and found the course difficulty to be medium.
The course is really useful for everyone who develops web applications. Only with video classes one can easily forget the true nature of a security breach, but this course comes with the practical labs that consolidate the learning.
5.0 4 months ago
Anonymous completed this course.
A must do. A high quality course completed with very challenging questions and exams. They force you to reflect, study and deeply grasp the material. Topics, data and materials are really recent and up to date.
1.0 a month ago
by Bob dropped this course, spending 14 hours a week on it and found the course difficulty to be very hard.
I spent lots of time and energy on this course, but the lessons were not clear, and I couldn't follow anything. My effort was there, but this just was poorly designed!
5.0 4 months ago
Arun Bhardwaj completed this course.
One of the nice courses that I've done... I hope you will upload more interesting courses... Looking forward to more experience with you.

Thank you
5.0 3 months ago
Anonymous completed this course.
Excellent, well-structured course. Very useful course, covering all the actual web security issues and how to deal with them. Thanks
5.0 4 months ago
Anonymous completed this course.
This course is really exciting. I have rarely followed a MOOC as well.

Internet Security is a much larger area than I thought.