Got Software - Need a Security Test Plan - Got You Covered
Offered By: YouTube
Course Description
Overview
Explore a comprehensive security test plan for software development in this 45-minute conference talk from BSides Columbus Ohio 2015. Learn about layered security mechanisms, positive security models, and the principle of least privilege. Discover how to implement OAuth, session management, access control, and cryptography. Examine the four levels of security testing, from OS to verification requirements. Gain insights into handling input risks, error logging, data protection, and HTTP security. Understand the importance of malicious controls, business logic, and mobile security considerations. Conclude with a five-step process for immediate implementation of security testing in your software projects.
Syllabus
Intro
Bill Sempf
Adrian
ASDs
OAuth
Does it provide a standard
The focus of this talk
Layered security mechanisms
Positive security model
Application should fail securely
Least privilege
Separation of duties
Security by obscurity
Input is a risk
How do we bake this in
There are four levels
OS vs Level 0
Opportunistic Level
Standard Level
Verification Requirements
OAuth Requirements
Session Management
Access Control
Cryptography
Error Handling Logging
Data Protection
Communication
HTTP Security
Malicious Controls
Business Logic
File Upload
Mobile
Whats next
Five step process
AB Immediate needs
Related Courses
Building Geospatial Apps on Postgres, PostGIS, & Citus at Large ScaleMicrosoft via YouTube Unlocking the Power of ML for Your JavaScript Applications with TensorFlow.js
TensorFlow via YouTube Managing the Reactive World with RxJava - Jake Wharton
ChariotSolutions via YouTube What's New in Grails 2.0
ChariotSolutions via YouTube Performance Analysis of Apache Spark and Presto in Cloud Environments
Databricks via YouTube