Security · Beginner · Live online
Secure Headers and Transport Basics
HSTS, CSP starter policies, and TLS termination pitfalls for API gateways.
Small header mistakes erode trust slowly. We keep scope tight so beginners leave with checklists instead of fear.
Duration: 2 weeks
Tuition (informational): 2,500,000 VND
Final quotes come from admissions. See Money-Back Policy for eligibility.
What ships in the syllabus
- Header bingo exercise with real-world misconfigurations
- CSP report-only rollout plan
- TLS chain debugging lab with openssl recipes
- Reverse proxy comparison worksheet
- Certificate renewal calendar template
- Mentor AMA on common nginx mistakes
- Checklist for staging vs prod parity
Outcomes we actually assess
- Draft a CSP report-only policy for a sample service
- Document your TLS chain renewal owners
- Complete header bingo with annotated fixes
Chi Lam
REST design mentor; leads documentation exercises.
FAQ — including what we skip
Cloudflare specifics?
We reference common patterns but do not administer vendor dashboards.
Mobile apps?
Out of scope—HTTP APIs behind gateways only.
WAF tuning?
Not covered beyond pointing to vendor docs.
Experience notes
“openssl recipes alone saved me a late-night deploy panic.”
“CSP rollout plan was blunt about report noise—helpful.”