Security Vulnerabilities Decomposition - Another Way to Look at Vulnerabilities
Offered By: NDC Conferences via YouTube
Course Description
Overview
Syllabus
Intro
Katy Anton
Common Weakness Enumeration
CWEs in Injection Category
Decompose the Injection
Extract Security Controls
Security Controls: Security Logging
The 6 Best Types of Detection Points
Examples of Intrusion Detection Points
Secure Data Handling: Basic Workflow
Data at Rest: Design Vulnerability example
Tool for Publicly Disclosed Machine Keys
Encryption: Security Controls
Data in Transit: Security Controls
State of Software Security
Root Cause
What is Attack Surface?
Fundamental Security Principle
Components Examples
Implement Logging Library
Simple Wrapper
Implement a Payment Gateway
Adapter Design Pattern
Implement a Single Sign-On
Facade Design Pattern
Secure Software Starts from Design!
Rick Rescorla
Security Controls In Development Cycle
Final Takeaways
References
Taught by
NDC Conferences
Related Courses
Network Security (Rochester Institute of Technology via edX)
Network Security (Georgia Institute of Technology via Udacity)
Real-Time Cyber Threat Detection and Mitigation (New York University (NYU) via Coursera)
Information security - IV (Indian Institute of Technology Madras via Swayam)
Cyber Security (CEC via Swayam)