Web Security Quotes

There are 77 quotes

"The web is safer, and its permission model is more respectful of your privacy."
"I guess it does feel slightly sketchy that Donuts own so much of the internet but it's also under the oversight of a non-profit organization whose goal is to keep the internet safe."
"HTTPS will be automatically forced on your domain."
"The HTTP Only flag ensures cookies can't be accessed by client-side JavaScript, enhancing security."
"But if you are more interested in web security, then check out the web hacking playlist."
"Next, what we're gonna do is we're gonna put an SSL on your website."
"Developers are often not as familiar with this [SVG], leading to XSS, as with HTML. SVG, definitely one of those extensions to keep an eye on."
"Always ensure your cPanel is up to date for security."
"User authentication is crucial to every single website out there."
"WebAssembly is safe and portable... Runs in any browser without memory overflow exploits."
"These end-to-end encrypted web applications have certain use cases where it can be extremely useful."
"So, now that we've talked about ways to mitigate Spectre, let's talk about other ways that you can keep your web project safe."
"HTTP is just the bare minimum that web users today expect in terms of site security."
"At Chrome, we believe in creating a web that's easy to use securely by default."
"...if I go don't get what I need, then I move to an AWS web application firewall."
"Prevent cross-site scripting attacks with proper sanitization."
"Secure web pages start with HTTPS and display a small lock in the browser."
"HTTPS ensures secure communication between your web browser and a website, protecting your sensitive information during online transactions."
"One other thing to point out is that we should also be looking at the level of encryption on the website."
"There's a near endless amount of information and resources and things you can learn from this web security academy if anyone is a student or just learning about application security or wanting to break into the industry."
"When it comes to web application testing especially, we see a lot of vulnerabilities related to injection, so SQL injection, cross-site scripting, etc., etc."
"That's sort of the whole point of this video - how we can have a server sort of remember or trust a visitor."
"Let's start building out our user registration and login process."
"One of the most common vulnerabilities is going to be cross-site scripting, also known as XSS."
"That's why it's so dangerous but it's also really common; it's going to be in the top 10 vulnerabilities that you're going to find on pretty much any list."
"Cross-site request forgery is a web security vulnerability that allows an attacker to induce users to perform actions they do not intend to perform."
"Helmet... adds out of the box default headers that are going to make your server 10x more secure."
"Local storage is susceptible to cross-site attacks."
"With HTTP only cookies, we only send the access token as a cookie when we communicate via HTTP requests."
"A high-level understanding of how you can secure them and then using a few examples, I'll show you how you can use a service called Netlify Functions."
"We're going to have some authentication, so we're going to make sure the user is logged in before they create a product."
"If it fails for authentication, then it will return HTTP 401 which is unauthorized."
"If it fails on authorization, then it will return HTTP 403 which is forbidden."
"Both counter component and fetch data component says not authorized, so this is how we secure our individual components."
"Sanitize HTML prior to rendering."
"Without sessions, you wouldn't be able to log into Gmail or to any other site and have the website remember that you are logged in."
"When I actually deploy it to the VM, it will be set up with a certificate."
"We see it setting up the HTTPS, it looks like it was successful."
"Dealing with XSS attacks is super important, so it's important to do that right."
"Whenever you visit any kind of a website, if you see this lock, it's in the same condition, that means you're on the right page."
"So what this allows the server to do is to tell a web browser what types of content can be loaded in the page it's sending back, and also where that content should come from."
"The idea behind JWT is to create a standard way for two parties to communicate securely."
"Content Security Policy is a browser mechanism that aims to mitigate XSS and some other attacks."
"To enable Content Security Policy, a response needs to include a HTTP response header called Content Security Policy with a value contained in the policy."
"We're going to use JWT decode to get the token and then we're simply going to decode it."
"Privacy is essential to everything we do at Apple, and it's critical on the web."
"HTTP only tells the browser that you should never let JavaScript code ever access this cookie."
"Ephemeral... says that no matter how long your cookie is supposed to last for... when the browser closes, kill the cookie."
"Helmet... does a lot of things with HTTP headers to keep your website safe."
"Flask provides utilities to protect against common web application vulnerabilities like CSRF and XSS."
"We're going to use NextAuth to handle the authentication."
"All communication on the web should be secure by default."
"I believe that all communication on the web should be secure by default, which is to say HTTPS should be everywhere."
"There's only one performance problem that TLS has today, and that is that it's not deployed widely enough."
"Fiddler is also enormously useful for testing the security position of web applications."
"This authorized route view will make it possible for us to display certain content based on the user's authentication status."
"Understanding security as a web developer, even if you're a front-end developer, is still important because you don't want to make a website that is insecure and have your users' data leaked."
"Web security is hard... there are very intelligent people out there who are persistent and sophisticated in their approach to compromising valuable data."
"To protect our website from such an attack, Flask delivers us a very easy feature to apply protection."
"We believe the world's most widely used web scanner."
"That might well be the only web security tool they need."
"We want to be one of the best security web security tools in the world, including commercial tools."
"ZAP has a very, very powerful API which exceeds that of most commercial tools."
"Validating the input basically means you should validate the input fields that your website has."
"It really adds an extra layer of security to your front-end."
"Congratulations, you've now installed an SSL certificate which is crucial for a website today."
"CORS is a security thing that lets us make requests to this back end from our UI from a different port without giving any errors."
"The best option is always to have somebody manually exploring a web application."
"Cross-site request forgery and that token basically exists so that some third party can't spoof my session."
"To solve these problems, HTTPS came into the picture."
"HTTPS is table stakes for progressive web apps to keep your users and your business safe."
"Make sure your web application is locked down."