“If you focus your career in security, chances are you will meet web development at some point, and not having an understanding of how the web works will penalize you and limit your ability to communicate with web developers.”
Understanding the position of web developer can help you understand how to apply security best practices. Likewise, knowledge of security best practices can help your career as a web developer.
“If you want to carry on in web development, understanding web security will give you a heads up compared to anyone else in the industry,” says Turckheim. “You will be hired not only because you can build applications, but also because you can build applications that have fewer chances to be broken into.”
And that makes you a more valuable asset.
“There is little content on the internet on how to secure or use some of these mechanisms, so I would recommend taking a look at the courses — even if you have experience in those areas,” says Turckheim. “I’m going to teach you the gap between traditional web security and web security today.”
Turckheim, who is an active member of the Node.js Security Working Group and an official Node.js collaborator, also teaches a Writing Secure Code in Node.js Learning Path.
Turckheim designed his courses to prioritize the most current and relevant information while also reviewing more foundational concepts.
“The things I repeat or go deeper into are probably the most less-known parts,” notes Turckheim. “The things I cover faster might still be complicated, but there is enough literature online already to help you learn.” He likes “to focus and spend the most time where the resources are hard to find and the learning gap is harder.”
Topics covered in his Infosec Skills courses include:
- The security model of browser applications
- The impact of security headers and modern XSS mitigation techniques (including trusted types)
- The basis of Node.js security
- Common attacks against modern websites (including clickjacking attacks)
“You’re going to put something on the internet. Do you know what security problems this can lead to?” he asks. “I would recommend this learning path to anyone who has anything running on the internet.”
Lastly, Turchkeim highlights the benefit of talking to people who have the career you want.
“If you have an idea what your dream job is two years from now, sit with someone who already has this dream job. Contact them. People are actually incredibly open to talk about their job and to tell you what you need to learn. Then apply for that job in two years.”