OWASP Secure Coding

Insecure software is undermining our financial, healthcare, defense, energy, and other critical infrastructure worldwide. As our digital, global infrastructure gets increasingly complex and interconnected, the difficulty of achieving application security increases exponentially. We can no longer afford to tolerate relatively simple security problems.

Beginner 5(2 Penilaian) 13 Peserta mengikuti
Dibuat oleh Jundi Harsya Terakhir diperbarui Tue, 16-Feb-2021 English
Apa yang akan saya pelajari ?

Topik untuk training ini
48 Materi & Ujian 00:00:00 Waktu
Introduction
1 Materi & Ujian 00:00:00 Waktu
  • Introduction
  • Description
  • Implementation
  • Vulnerabilities Prevented
  • Description
  • Implementation Best Practices
  • Vulnerabilities Prevented
  • Tools
  • Description
  • Secure Queries
  • Secure Configuration, Authentication, and Communication
  • Vulnerabilities Prevented
  • Description
  • Contextual Output Encoding
  • Other Types of Encoding and Injection Defense
  • Vulnerabilities Prevented
  • Description
  • Syntax and Semantic Validity
  • Whitelisting vs Blacklisting
  • Client side and Server side Validation
  • Regular Expressions
  • Limits of Input Validation
  • Challenges of Validating Serialized Data
  • Unexpected User Input (Mass Assignment)
  • Validating and Sanitizing HTML
  • Validation Functionality in Libraries and Frameworks
  • Vulnerabilities Prevented
  • Description
  • Authentication Levels
  • Session Management
  • Caution
  • Vulnerabilities Prevented
  • Description
  • Access Control Design Principles
  • Vulnerabilities Prevented
  • Description
  • Data Classification
  • Encrypting Data in Transit
  • Encrypting Data at Rest
  • Vulnerabilities Prevented
  • Description
  • Benefits of Security Logging
  • Security Logging Implementation
  • Secure Logging Design
  • Description
  • Error Handling Mistakes
  • Positive Advice
  • Multiple Choice 00:00:00
Persyaratan
+ Tampilkan lebih banyak
Deskripsi

Insecure software is undermining our financial, healthcare, defense, energy, and other critical infrastructure worldwide. As our digital, global infrastructure gets increasingly complex and interconnected, the difficulty of achieving application security increases exponentially. We can no longer afford to tolerate relatively simple security problems.

In this course, we will learn how to do secure coding or secure development using The OWASP Top Ten Proactive Controls 2018 as a guidance. The OWASP Top Ten Proactive Controls 2018 is a list of security techniques that should be considered for every software development project. This course is written for developers to assist those new to secure development.

One of the main goals of this course is to provide concrete practical guidance that helps developers build secure software. These techniques should be applied proactively at the early stages of software development to ensure maximum effectiveness.

This course is intended to provide initial awareness around building secure software. This course will also provide a good foundation of topics to help drive introductory software security developer training. These controls should be used consistently and thoroughly throughout all applications. However, this course should be seen as a starting point rather than a comprehensive set of techniques and practices. A full secure development process should include comprehensive requirements from a standard such as the OWASP ASVS in addition to including a range of software development activities described in maturity models such as OWASP SAMM and BSIMM.

+ Tampilkan lebih banyak
Training lain yang sejenis
Tentang instruktur
  • 6 Ulasan
  • 54 Peserta
  • 8 Training
+ Tampilkan lebih banyak
Penilaian peserta
5
Rata-rata penilaian
  • 0%
  • 0%
  • 0%
  • 0%
  • 100%
Ulasan
  • Thu, 29-Oct-2020
    Toimul Andri
    Pelatihannya bagus dan bermafaat untuj menunjang pekerjaan saya
  • Sat, 31-Jul-2021
    Vico Delta Frihannedy
Rp 200.000
Beli sekarang
Training ini terdiri dari:
  • 48 Materi & Ujian
  • Akses di smartphone dan laptop
  • Certificate of Excellence