Web Security Essentials: MITM, CSRF, and XSS by Mike Sherov

• Add https to a Localhost Express App to Prevent MITM Attacks
• Simulate Man in the Middle Attacks and Inspect Network Traffic with Charles Proxy
• Redirect All HTTP Traffic to HTTPS in Express to Ensure All Responses are Secure
• Set the Secure Cookie Flag to Ensure Cookies are Only Sent Over Secure Connections
• Course Overview: Web Security Essentials
• Add HSTS Headers to Express Apps to Ensure All Requests are https Requests
• Create a Proof of Concept Exploit of a CSRF Vulnerable Website
• Mitigate CSRF Attacks by Setting the SameSite Cookie Flag in Express
• Add CSRF Token Middleware to an Express Server to Mitigate CSRF
• Make an XSS Payload to Read a Cookie from a Vulnerable Website
• Set the httpOnly Cookie Flag in Express to Ensure Cookies are Inaccessible from JavaScript
• Make an XSS Payload to Read document.body from a Vulnerable Website
• Prevent Inline Script Execution by Implementing Script-Src CSP Headers in Express
• Read Document Content from a Vulnerable Website via Script Tag Injection in an XSS Payload
• Add a Nonce Based script-src Header in Express to Only Allow Scripts that Match the Nonce
• Prompt Users for Credentials from a Vulnerable Website via iframe Injection
• Add a default-src CSP Header in Express to Enforce an Allowlist and Mitigate XSS