From the course: Programming Foundations: Web Security

What is security?

Let's begin our examination of web security with a simple definition. Webster's Dictionary defines security as the state of being protected or safe from harm, things done to make people or places safe, measures taken to guard against espionage or sabotage, crime, attack, or escape. So security is both the state of being protected and the measures that we take to protect. This serves as a good general definition of security.

In this course, we'll be focused on security of a specific industry, web development. What makes a website secure? When the web server and all of its applications are protected and safe from harm. Websites require special consideration. They're high-profile. In fact, they're the main public face of a company. They represent the brand. Websites allow organizations to interact with users and in some cases provide a major source of revenue. It's not uncommon for a website to be the whole company. Users need to be able to trust that websites will keep their information safe. That may include personal identifying information, credit card numbers, salary data, or healthcare information. It's our job as developers to provide security so that the projects we put on the web are trustworthy, and that's a big responsibility.

To effectively protect a website, we first need to be aware of the risks and the pitfalls. We need to know who could do us harm and how they could do it. We can only assert that something is secure after we've surveyed the potential problems and have confidence that we have the right safeguards in place. This can be expressed as a simple equation. Awareness plus adequate protection equals security.

My goal in this course is to provide awareness of potential threats. It's on you to do the second half, to put the necessary safeguards in place. Spending a lot of time and money on protections is meaningless if your actions aren't based on an awareness of the actual risks and threats. Awareness is just as important as the protection itself because it guides your efforts. Effective web security should be built on an awareness of the real and specific threats.

Online security is a very broad and deep topic. In this course, our focus will be on the general principles and the mental models that will give you a way to approach the topic, and then we'll look at some of the biggest threats and discuss principle-based strategies for handling them.
