1. Introduction

2. The Hands-On Environment

3. Threat Modelling

4. Transport and Encryption

5. Installing and Configuring Services

6. APIs and Endpoints

7. Cookies and User Input

8. Cross-Site Requests

9. Password Management

10. Authentication and Authorization

11. OAuth2

12. Logging and Monitoring

13. Third-Party and Supply Chain Security

14. Further Resources.

Matthew Baker is the Head of Scientific Software and Data Management at ETH Zurich, Switzerland’s leading science and technology university, He leads a team of engineers developing custom software to support STEM research projects, as well as teaches computer science  short courses.  Having over 25 years of experience developing software, he has worked as a developer, systems administrator, project manager and consultant in various sectors from banking and insurance, science and engineering, to military intelligence.  

Cyberattacks are becoming more commonplace and the Open Web Application Security Project (OWASP), estimates 94% of sites have flaws in their access control alone.  Attacks evolve to work around new defenses, and defenses must evolve to remain effective.  Developers need to understand the fundamentals of attacks and defenses in order to comprehend new techniques as they become available.