Web security always intrigued me. The exposure I got as a student — both in my final project and as a participant in the Excellent Undergraduates Program at the BIU Cyber Center — made me even more curious.
What is web security?
Web security means protecting a website or web application by detecting, preventing, and responding to cyber threats.
Here are some examples of web security practices:
Let’s start with Gmail by Google. You get notified when there was a login to your Gmail account from an unknown source, asking if it was you. This is their way to protect you against a scenario where someone got their hands on your password.
You can also see it in your work email. Every time you receive an email from someone outside of your organization, it will start with a warning, emphasizing it is from an external sender. This is to prevent phishing, which is when someone pretends to be someone else, most likely someone from your organization, in order to get sensitive data out of you.
Another common example is where websites require “strong passwords”, which means passwords of a certain length (at least 8) that combine alphabetic and numeric characters. That is because when you have an easy password, it can be quickly discovered by trial and error.
Fun fact: Every character you add and every variety of characters you use will boost your password’s security exponentially! To make it clearer: An easy password can be cracked in less than a second, and a very hard password will not be cracked in your lifetime (well, maybe that statement depends on how future technology develops).
It is a very interesting subject, and you can read more about it here and here.
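To put numbers on the fun fact above, here is an added example (not part of the original post or the course) that estimates how many guesses an exhaustive trial-and-error search needs as a password gets longer and uses more kinds of characters. The guess rate of 10 billion per second, the sample passwords and the function names are assumptions made up for illustration.

```python
import string

# Assumption: an attacker guessing offline at 10 billion tries per second.
GUESSES_PER_SECOND = 10**10
SECONDS_PER_YEAR = 365 * 24 * 3600

# Only printable-ASCII character classes are modelled here.
CLASSES = {
    "lower": string.ascii_lowercase,   # 26 characters
    "upper": string.ascii_uppercase,   # 26 characters
    "digit": string.digits,            # 10 characters
    "symbol": string.punctuation,      # 32 characters
}

def alphabet_size(password):
    """Total size of every character class the password draws from."""
    return sum(len(chars) for chars in CLASSES.values()
               if any(c in chars for c in password))

def keyspace(password):
    """Candidates an exhaustive search must cover: alphabet ** length."""
    return alphabet_size(password) ** len(password)

def worst_case_seconds(password, rate=GUESSES_PER_SECOND):
    """Time to try every candidate at the assumed guess rate."""
    return keyspace(password) / rate

def meets_policy(password, min_length=8):
    """The rule from the post: at least 8 characters, letters and digits."""
    return (len(password) >= min_length
            and any(c.isalpha() for c in password)
            and any(c.isdigit() for c in password))

if __name__ == "__main__":
    # Constructed sample passwords, each adding length or a character class.
    for pw in ["kitten", "kitten42", "Kitten42", "Kitten42!river"]:
        secs = worst_case_seconds(pw)
        print(f"{pw!r:18} policy={meets_policy(pw)!s:5} "
              f"keyspace={keyspace(pw):.2e} "
              f"worst case={secs:.2e} s ({secs / SECONDS_PER_YEAR:.2e} years)")
```

This only models trying every combination; a password built from a common word or a leaked password is found much sooner than the numbers suggest, which is why length rules are paired with checks against known-bad passwords.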
Web security seems intimidating
The examples above were only of how websites instruct their users to practice safer use. Web security is also practiced by companies to protect themselves from malicious users. Here are a few things website owners need to protect, or protect against: the safety of their product (items, money, etc.), their own or their users’ data, access roles, a shutdown of the website, and so much more…
As you can see, the number of things to consider when trying to secure a website looks overwhelming. It seems like it can never be conquered. There will always be some hacker who will invent something unexpected. How can one take responsibility for the safety of an application?
Luckily, my manager suggested that our team take technical courses on LinkedIn Learning (Lynda). It seemed to me like a great opportunity to revisit that subject, so I chose to take the course Programming Foundations: Web Security.
The web security world is fascinating
I’m happy I decided to do it because in one of the first videos, “Total security is unachievable”, they said:
“Dennis Hughes is credited as having said the only secure computer is one that’s unplugged, locked in a safe and buried 20 feet under the ground in a secret location, and I’m not even too sure about that one.”
This showed me both that my worries were legitimate and that they shouldn’t have stopped me. So I continued taking the course, which made the next ten rides home very interesting. More than that, it gave me cool facts to share on lunch breaks.
Another fact that stuck with me after finishing this course was:
“It is essential to regularly update all the software. Security vulnerabilities are reported and patched constantly. Hackers pay attention when security fixes are released so that they can quickly use the vulnerabilities before everyone upgrades. When a new version comes out, patch immediately so that you win the race against the hackers.”
I guess that is why I like this field so much: because it has a level of psychology and behavioral analysis. You learn both about users’ mode of action and hackers’ techniques.
Speaking of a user’s mode of action:
The picture above is a good example of how people can make innocent mistakes that would have a big impact. The same goes for using the internet. In that picture you can see a lottery winner taking the traditional winning picture with a mask on to keep his privacy, forgetting that he has a name tag on his uniform. Not so confidential anymore, ah?
If it wasn’t clear by now — I highly recommend taking this course.
On that note, I also recommend trying things that scare you and make you think they’re too big to handle!
Link to the course: https://www.linkedin.com/learning/programming-foundations-web-security-2