hectoday

Web Security Fundamentals with @hectoday/http

Learn to find and fix the most common web vulnerabilities. SQL injection, XSS, SSRF, path traversal, IDOR, open redirects, and more — each demonstrated and defended in a real Hectoday HTTP app.

Beginner-Intermediate ~8 hours

The Attacker's Mindset

  1. Thinking Like an Attacker
  2. Project Setup

Injection Attacks

  1. SQL Injection
  2. SQL Injection: Beyond the Basics
  3. Command Injection
  4. Header Injection

Cross-Site Scripting (XSS)

  1. What Is XSS?
  2. Output Encoding
  3. Content Security Policy in Practice

Broken Access and Redirects

  1. Insecure Direct Object References (IDOR)
  2. Open Redirects
  3. Server-Side Request Forgery (SSRF)

File and Data Handling

  1. Path Traversal
  2. Mass Assignment
  3. Denial of Service via Input

Putting It All Together

  1. Security Testing
  2. The OWASP Top 10
  3. Capstone: Hardened Notes API

© 2026 hectoday. All rights reserved.