Secure Coding - OWASP TOP 10

Teknologi Informasi (TI)

Secure Coding - OWASP TOP 10

online

Oleh

Jundi Harsya

(0)

icon Indonesia

icon ~

Apa yang kamu pelajari

Introduction
C1: Define Security Requirements
C2: Leverage Security Frameworks and Libraries
C3: Secure Database Access
C4: Encode and Escape Data
C5: Validate All Inputs
C6: Implement Digital Identity
C7: Enforce Access Controls
C8: Protect Data Everywhere
C9: Implement Security Logging and Monitoring
C10: Handle all Errors and Exceptions
Exams

...

Secure Coding - OWASP TOP 10

Insecure software is undermining our financial, healthcare, defense, energy, and other critical infrastructure worldwide. As our digital, global infrastructure gets increasingly complex and interconnected, the difficulty of achieving application security increases exponentially. We can no longer afford to tolerate relatively simple security problems.

Konten Training

Introduction

Description
Implementation
Vulnerabilities Prevented

Description
Implementation Best Practices
Vulnerabilities Prevented
Tools

Description
Secure Queries
Secure Configuration, Authentication, and Communication
Vulnerabilities Prevented

Description
Contextual Output Encoding
Other Types of Encoding and Injection Defense
Vulnerabilities Prevented

Description
Syntax and Semantic Validity
Whitelisting vs Blacklisting
Client side and Server side Validation
Regular Expressions
Limits of Input Validation
Challenges of Validating Serialized Data
Unexpected User Input (Mass Assignment)
Validating and Sanitizing HTML
Validation Functionality in Libraries and Frameworks
Vulnerabilities Prevented

Description
Authentication Levels
Session Management
Caution
Vulnerabilities Prevented

Description
Access Control Design Principles
Vulnerabilities Prevented

Description
Data Classification
Encrypting Data in Transit
Encrypting Data at Rest
Vulnerabilities Prevented

Description
Benefits of Security Logging
Security Logging Implementation
Secure Logging Design

Description
Error Handling Mistakes
Positive Advice

Multiple Choice
00:00:00

Deskripsi

In this course, we will learn how to do secure coding or secure development using The OWASP Top Ten Proactive Controls 2018 as a guidance. The OWASP Top Ten Proactive Controls 2018 is a list of security techniques that should be considered for every software development project. This course is written for developers to assist those new to secure development.

One of the main goals of this course is to provide concrete practical guidance that helps developers build secure software. These techniques should be applied proactively at the early stages of software development to ensure maximum effectiveness.

This course is intended to provide initial awareness around building secure software. This course will also provide a good foundation of topics to help drive introductory software security developer training. These controls should be used consistently and thoroughly throughout all applications. However, this course should be seen as a starting point rather than a comprehensive set of techniques and practices. A full secure development process should include comprehensive requirements from a standard such as the OWASP ASVS in addition to including a range of software development activities described in maturity models such as OWASP SAMM and BSIMM.