OWASP Top 10: #3 Sensitive Data Exposure and #4 External Entities (XXE)
Offered By: LinkedIn Learning
Course Description
Overview
Get an overview of the #3 and #4 top software vulnerabilities—injection and insecure design—described in the 2021 OWASP Top 10.
Syllabus
Introduction
- 2021 OWASP Top 10
- What you should know
- What is injection?
- Example #1: 2008 Heartland data breach
- Example #2: 2020 Accellion data breach
- Prevention technique #1: Prepared statements
- Prevention technique #2: Input validation
- Prevention technique #3: Escape special characters
- What is insecure design?
- Real-world example #1: G Suite accounts in 2018
- Real-world example #2: 2021 manufacturing data risk report
- Prevention technique #1: Threat modeling
- Prevention technique #2: Secure design patterns and principles
- Prevention technique #3: Secure development lifecycle
- Next steps
Taught by
Caroline Wong
Related Courses
- Secure Coding: Identifying and Mitigating XML External Entity (XXE) Vulnerabilities (Pluralsight)
- Protecting Against XML External Entity and Deserialization Attacks in ASP.NET and ASP.NET Core (Pluralsight)
- OWASP Top 10 - A4:2017 - XML External Entities (Cybrary)
- Uncle Rat's XXE Handbook (Udemy)
- Hunting Asynchronous Vulnerabilities (44CON Information Security Conference via YouTube)