Security & Identity
This course walks the boundaries an attacker probes, in the order data crosses them. Each lesson is one of those boundaries — your repo, the network, your database, your inputs, the browser — and the one habit connecting them: never trust the boundary. It gives you the foundational concepts and hands-on practice you need to recognize where an assumption fails and what to do instead.
What you'll learn
- Keep secrets out of your code, your git history, and your logs
- How TLS turns HTTP into HTTPS and defeats a man-in-the-middle
- Store passwords so a database leak isn't a password leak — and compare secrets in constant time
- Never let untrusted input become code: SQL injection, XSS, and directory traversal
- Browser trust: CORS and CSRF, and what the same-origin policy does and doesn't protect
Prerequisites
Basic comfort with how the web works — HTTP requests, cookies, and a little JavaScript. No prior security experience required.
Estimated time
~30 minutes