YoVDO

OWASP Top 10: #3 Sensitive Data Exposure and #4 External Entities (XXE)

Offered By: LinkedIn Learning

Tags

XML External Entity (XXE) Injection Courses Web Development Courses Cybersecurity Courses Encryption Courses Software Security Courses Input Validation Courses

Course Description

Overview

Get an overview of the #3 and #4 top software vulnerabilities—injection and insecure design—described in the 2021 OWASP Top 10.

Syllabus

Introduction
  • 2021 OWASP Top 10
  • What you should know
1. Injection
  • What is injection?
  • Example #1: 2008 Heartland data breach
  • Example #2: 2020 Accellion data breach
  • Prevention technique #1: Prepared statements
  • Prevention technique #2: Input validation
  • Prevention technique #3: Escape special characters
2. Insecure Design
  • What is insecure design?
  • Real-world example #1: G Suite accounts in 2018
  • Real-world example #2: 2021 manufacturing data risk report
  • Prevention technique #1: Threat modeling
  • Prevention technique #2: Secure design patterns and principles
  • Prevention technique #3: Secure development lifecycle
Conclusion
  • Next steps

Taught by

Caroline Wong

Related Courses

Pattern-Oriented Software Architectures: Programming Mobile Services for Android Handheld Systems
Vanderbilt University via Coursera
Engineering Maintainable Android Apps
Vanderbilt University via Coursera
Software Design as an Element of the Software Development Lifecycle
University of Colorado System via Coursera
Secure Software Development
Pluralsight
Secure Software Concepts for CSSLP®
Pluralsight