1
00:00:02,040 --> 00:00:04,550
Now, before we dive into different

2
00:00:04,550 --> 00:00:08,970
attack patterns and ways of attacking websites,

3
00:00:08,970 --> 00:00:11,230
I wanna come back to the important comparison

4
00:00:11,230 --> 00:00:14,600
of security to authentication

5
00:00:14,600 --> 00:00:18,300
because it might sound very similar and related,

6
00:00:18,300 --> 00:00:20,763
but it is only loosely related.

7
00:00:21,680 --> 00:00:26,250
With authentication, we mean that we add the login,

8
00:00:26,250 --> 00:00:29,350
signup and logout features to our website

9
00:00:29,350 --> 00:00:33,650
and we simply differentiate between users who are anonymous,

10
00:00:33,650 --> 00:00:36,380
who haven't created an account with us,

11
00:00:36,380 --> 00:00:38,180
and users who we know.

12
00:00:38,180 --> 00:00:40,050
That's the main difference.

13
00:00:40,050 --> 00:00:44,700
And then, of course, we might unlock certain features

14
00:00:44,700 --> 00:00:46,570
that our website should offer

15
00:00:46,570 --> 00:00:50,500
to those privileged users who have an account.

16
00:00:50,500 --> 00:00:53,500
So we have different features on the website

17
00:00:53,500 --> 00:00:58,490
and some features are only accessible for logged-in users.

18
00:00:58,490 --> 00:01:01,560
And, of course, this is some kind of security.

19
00:01:01,560 --> 00:01:04,349
If only administrators on a blog page

20
00:01:04,349 --> 00:01:07,070
can delete and edit blog posts,

21
00:01:07,070 --> 00:01:10,720
then, of course, adding authentication to the page

22
00:01:10,720 --> 00:01:15,660
ensures that the data is protected and that malicious users

23
00:01:15,660 --> 00:01:19,620
can't start deleting our blog posts.

24
00:01:19,620 --> 00:01:21,520
But in the end, if you take a closer look,

25
00:01:21,520 --> 00:01:23,550
it's really just about controlling

26
00:01:23,550 --> 00:01:26,770
which intended website features are offered

27
00:01:26,770 --> 00:01:28,610
to which audience,

28
00:01:28,610 --> 00:01:32,300
but we're talking about a pool of intended actions

29
00:01:32,300 --> 00:01:36,090
that should be doable by regular visitors.

30
00:01:36,090 --> 00:01:39,170
We just wanna control which kind of visitors

31
00:01:39,170 --> 00:01:41,340
can perform which action.

32
00:01:41,340 --> 00:01:44,470
That's the idea behind authentication.

33
00:01:44,470 --> 00:01:48,910
When we talk about website security, then it's different.

34
00:01:48,910 --> 00:01:52,930
Here, we wanna protect against attacks and actions

35
00:01:52,930 --> 00:01:55,900
that could be performed by malicious users

36
00:01:55,900 --> 00:01:57,720
that should never be allowed.

37
00:01:57,720 --> 00:01:59,290
There might be certain actions

38
00:01:59,290 --> 00:02:01,870
that we never expect to have on our website.

39
00:02:01,870 --> 00:02:06,840
No user should be able to fetch a list of all accounts

40
00:02:06,840 --> 00:02:09,990
or should be able to delete database tables.

41
00:02:09,990 --> 00:02:13,050
That should not be possible for any user.

42
00:02:13,050 --> 00:02:15,800
No user should be able to steal the data

43
00:02:15,800 --> 00:02:18,330
of other visitors of our site.

44
00:02:18,330 --> 00:02:20,900
So when we talk about website security,

45
00:02:20,900 --> 00:02:24,940
we wanna ensure that our website has no security holes,

46
00:02:24,940 --> 00:02:29,700
no vulnerabilities that can be abused by attackers.

47
00:02:29,700 --> 00:02:32,110
And even though you might not think

48
00:02:32,110 --> 00:02:34,960
that you have vulnerabilities on your website,

49
00:02:34,960 --> 00:02:37,910
there are a couple of common attack patterns

50
00:02:37,910 --> 00:02:40,920
to which actually an astonishing amount of websites

51
00:02:40,920 --> 00:02:43,750
out there are vulnerable.

52
00:02:43,750 --> 00:02:46,920
And to ensure that your page is not one of those pages

53
00:02:46,920 --> 00:02:49,670
that are vulnerable, in this course section,

54
00:02:49,670 --> 00:02:52,270
we're going to dive into these most common

55
00:02:52,270 --> 00:02:54,270
and dangerous attack patterns

56
00:02:54,270 --> 00:02:57,450
so that you know how you can harden your website

57
00:02:57,450 --> 00:02:59,460
and how you can protect your website

58
00:02:59,460 --> 00:03:01,373
against those attack patterns.

