Demo for web security basics talks.
- https://www.owasp.org/index.php/Main_Page
- https://securityheaders.com
- https://www.ssllabs.com/ssltest
- https://www.srihash.org/
- https://caniuse.com/
- https://www.sans.org/top25-software-errors/
- https://pages.nist.gov/800-63-3/sp800-63b.html
- https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html
- https://cheatsheetseries.owasp.org/cheatsheets/Mass_Assignment_Cheat_Sheet.html
- https://andrewlock.net/preventing-mass-assignment-or-over-posting-in-asp-net-core/
- https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)
- https://www.troyhunt.com/understanding-csrf-video-tutorial/
- https://scotthelme.co.uk/hardening-your-http-response-headers/#x-xss-protection
- https://scotthelme.co.uk/introducing-xss-reporting-to-report-uri/
- https://developer.mozilla.org/en-US/docs/Web/Security/Mixed_content
- https://www.troyhunt.com/understanding-risk-of-mixed-content/
- https://scotthelme.co.uk/hardening-your-http-response-headers/#strict-transport-security
- https://scotthelme.co.uk/hsts-preloading/
- https://www.troyhunt.com/understanding-http-strict-transport/
- https://scotthelme.co.uk/content-security-policy-an-introduction/
- https://www.troyhunt.com/the-javascript-supply-chain-paradox-sri-csp-and-trust-in-third-party-libraries/
- https://www.troyhunt.com/locking-down-your-website-scripts-with-csp-hashes-nonces-and-report-uri/
- https://www.troyhunt.com/clickjack-attack-hidden-threat-right-in/
- https://scotthelme.co.uk/hardening-your-http-response-headers/#x-frame-options
- https://www.troyhunt.com/protecting-your-embedded-content-with-subresource-integrity-sri/
- https://scotthelme.co.uk/subresource-integrity/
- https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity
- https://medium.com/@ethicalevil/nosniff-and-the-rabbit-hole-of-mime-sniffing-in-browsers-9f764a454a46
- https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
- https://app.pluralsight.com/library/courses/hack-yourself-first/table-of-contents
- https://app.pluralsight.com/library/courses/hack-your-api-first/table-of-contents
- https://app.pluralsight.com/library/courses/play-by-play-website-security-review-troy-hunt-lars-klint/table-of-contents
- https://app.pluralsight.com/library/courses/web-security-owasp-top10-big-picture/table-of-contents
- https://app.pluralsight.com/library/courses/secure-account-management-fundamentals/table-of-contents
- https://app.pluralsight.com/library/courses/https-every-developer-must-know/table-of-contents