YoVDO

OWASP Top 10: #3 Sensitive Data Exposure and #4 External Entities (XXE)

Offered By: LinkedIn Learning

Tags

  • XML External Entity (XXE) Injection Courses
  • Web Development Courses
  • Cybersecurity Courses
  • Encryption Courses
  • Software Security Courses
  • Input Validation Courses

Course Description

Overview

Get an overview of the #3 and #4 top software vulnerabilities—injection and insecure design—described in the 2021 OWASP Top 10.

Syllabus

Introduction
  • 2021 OWASP Top 10
  • What you should know
1. Injection
  • What is injection?
  • Example #1: 2008 Heartland data breach
  • Example #2: 2020 Accellion data breach
  • Prevention technique #1: Prepared statements
  • Prevention technique #2: Input validation
  • Prevention technique #3: Escape special characters
2. Insecure Design
  • What is insecure design?
  • Real-world example #1: G Suite accounts in 2018
  • Real-world example #2: 2021 manufacturing data risk report
  • Prevention technique #1: Threat modeling
  • Prevention technique #2: Secure design patterns and principles
  • Prevention technique #3: Secure development lifecycle
Conclusion
  • Next steps

Taught by

Caroline Wong

Related Courses

Secure Coding: Identifying and Mitigating XML External Entity (XXE) Vulnerabilities
Pluralsight
Protecting Against XML External Entity and Deserialization Attacks in ASP.NET and ASP.NET Core
Pluralsight
OWASP Top 10 - A4:2017 - XML External Entities
Cybrary
Uncle Rat's XXE Handbook
Udemy
Hunting Asynchronous Vulnerabilities
44CON Information Security Conference via YouTube