Topics covered include:
A framework for deciding what needs to be protected and how stronglyConfiguring services such as databases and web serversSafe use of HTTP methods such as GET, POST, etc, cookies and use of HTTPSSafe REST APIsServer-side attacks and defenses such as injection and cross-site scriptingClient-side attacks and defenses such as cross-site request forgerySecurity techniques such as CORS, CSPPassword management, authentication and authorization, including OAuth2Best practices for dangerous operations such as password change and resetUse of third-party components and supply chain security (Git, CI/CD etc)