├── 01-web-security-course-overview.md
├── 02-simulate-session-hijacking-attacks-and-inspect-network-traffic-with-charles-proxy.md
├── 03-express-add-https-to-a-localhost-express-app-to-prevent-mitm-attacks.md
├── 04-egghead-redirect-all-http-traffic-to-https-in-express-to-ensure-all-responses-are-secure.md
├── 05-set-the-secure-cookie-flag-to-ensure-cookies-are-only-sent-over-secure-connections.md
├── 06-add-hsts-headers-to-express-apps-to-ensure-all-requests-are-secure.md
├── 07-egghead-create-a-proof-of-concept-exploit-of-a-csrf-vulnerable-website.md
├── 08-egghead-mitigate-csrf-attacks-by-setting-the-samesite-cookie-flag-in-express.md
├── 09-add-csrf-token-middleware-to-an-express-server-to-mitigate-csrf.md
├── 10-gghead-make-an-xss-payload-to-read-a-cookie-from-a-vulnerable-website.md
├── 11-set-the-httponly-cookie-flag-in-express-to-ensure-cookies-are-inaccessible-from-javascript.md
├── 12-make-ac-xss-payload-to-read-documentbody-from-a-vulnerable-website.md
├── 13-prepare-a-vulnerable-website-for-csp-enforcement-with-report-only-csp-headers-in-express.md
├── 14-read-document-content-from-a-vulnerable-website-via-script-tag-injection-in-an-xss-payload.md
├── 15-add-a-nonce-based-script-src-header-in-express-to-only-allow-scripts-that-match-the-nonce.md
├── 16-prompt-users-for-credentials-from-a-vulnerable-website-via-iframe-injection.md
├── 17-add-a-default-src-csp-header-in-express-to-enforce-an-allowlist-and-mitigate-xss.md
├── EGH_WebSecurity.png
└── README.md

/01-web-security-course-overview.md:
https://raw.githubusercontent.com/willjohnsonio/eggheadio-web-security-essentails/HEAD/01-web-security-course-overview.md

/02-simulate-session-hijacking-attacks-and-inspect-network-traffic-with-charles-proxy.md:
https://raw.githubusercontent.com/willjohnsonio/eggheadio-web-security-essentails/HEAD/02-simulate-session-hijacking-attacks-and-inspect-network-traffic-with-charles-proxy.md

/03-express-add-https-to-a-localhost-express-app-to-prevent-mitm-attacks.md:
https://raw.githubusercontent.com/willjohnsonio/eggheadio-web-security-essentails/HEAD/03-express-add-https-to-a-localhost-express-app-to-prevent-mitm-attacks.md

/04-egghead-redirect-all-http-traffic-to-https-in-express-to-ensure-all-responses-are-secure.md:
https://raw.githubusercontent.com/willjohnsonio/eggheadio-web-security-essentails/HEAD/04-egghead-redirect-all-http-traffic-to-https-in-express-to-ensure-all-responses-are-secure.md

/05-set-the-secure-cookie-flag-to-ensure-cookies-are-only-sent-over-secure-connections.md:
https://raw.githubusercontent.com/willjohnsonio/eggheadio-web-security-essentails/HEAD/05-set-the-secure-cookie-flag-to-ensure-cookies-are-only-sent-over-secure-connections.md

/06-add-hsts-headers-to-express-apps-to-ensure-all-requests-are-secure.md:
https://raw.githubusercontent.com/willjohnsonio/eggheadio-web-security-essentails/HEAD/06-add-hsts-headers-to-express-apps-to-ensure-all-requests-are-secure.md

/07-egghead-create-a-proof-of-concept-exploit-of-a-csrf-vulnerable-website.md:
https://raw.githubusercontent.com/willjohnsonio/eggheadio-web-security-essentails/HEAD/07-egghead-create-a-proof-of-concept-exploit-of-a-csrf-vulnerable-website.md

/08-egghead-mitigate-csrf-attacks-by-setting-the-samesite-cookie-flag-in-express.md:
https://raw.githubusercontent.com/willjohnsonio/eggheadio-web-security-essentails/HEAD/08-egghead-mitigate-csrf-attacks-by-setting-the-samesite-cookie-flag-in-express.md

/09-add-csrf-token-middleware-to-an-express-server-to-mitigate-csrf.md:
https://raw.githubusercontent.com/willjohnsonio/eggheadio-web-security-essentails/HEAD/09-add-csrf-token-middleware-to-an-express-server-to-mitigate-csrf.md

/10-gghead-make-an-xss-payload-to-read-a-cookie-from-a-vulnerable-website.md:
https://raw.githubusercontent.com/willjohnsonio/eggheadio-web-security-essentails/HEAD/10-gghead-make-an-xss-payload-to-read-a-cookie-from-a-vulnerable-website.md

/11-set-the-httponly-cookie-flag-in-express-to-ensure-cookies-are-inaccessible-from-javascript.md:
https://raw.githubusercontent.com/willjohnsonio/eggheadio-web-security-essentails/HEAD/11-set-the-httponly-cookie-flag-in-express-to-ensure-cookies-are-inaccessible-from-javascript.md

/12-make-ac-xss-payload-to-read-documentbody-from-a-vulnerable-website.md:
https://raw.githubusercontent.com/willjohnsonio/eggheadio-web-security-essentails/HEAD/12-make-ac-xss-payload-to-read-documentbody-from-a-vulnerable-website.md

/13-prepare-a-vulnerable-website-for-csp-enforcement-with-report-only-csp-headers-in-express.md:
https://raw.githubusercontent.com/willjohnsonio/eggheadio-web-security-essentails/HEAD/13-prepare-a-vulnerable-website-for-csp-enforcement-with-report-only-csp-headers-in-express.md

/14-read-document-content-from-a-vulnerable-website-via-script-tag-injection-in-an-xss-payload.md:
https://raw.githubusercontent.com/willjohnsonio/eggheadio-web-security-essentails/HEAD/14-read-document-content-from-a-vulnerable-website-via-script-tag-injection-in-an-xss-payload.md

/15-add-a-nonce-based-script-src-header-in-express-to-only-allow-scripts-that-match-the-nonce.md:
https://raw.githubusercontent.com/willjohnsonio/eggheadio-web-security-essentails/HEAD/15-add-a-nonce-based-script-src-header-in-express-to-only-allow-scripts-that-match-the-nonce.md

/16-prompt-users-for-credentials-from-a-vulnerable-website-via-iframe-injection.md:
https://raw.githubusercontent.com/willjohnsonio/eggheadio-web-security-essentails/HEAD/16-prompt-users-for-credentials-from-a-vulnerable-website-via-iframe-injection.md

/17-add-a-default-src-csp-header-in-express-to-enforce-an-allowlist-and-mitigate-xss.md:
https://raw.githubusercontent.com/willjohnsonio/eggheadio-web-security-essentails/HEAD/17-add-a-default-src-csp-header-in-express-to-enforce-an-allowlist-and-mitigate-xss.md

/EGH_WebSecurity.png:
https://raw.githubusercontent.com/willjohnsonio/eggheadio-web-security-essentails/HEAD/EGH_WebSecurity.png

/README.md:
https://raw.githubusercontent.com/willjohnsonio/eggheadio-web-security-essentails/HEAD/README.md