YoVDO

Security Vulnerabilities Decomposition - Another Way to Look at Vulnerabilities

Offered By: NDC Conferences via YouTube

Tags

NDC Conferences Courses Encryption Courses Software Security Courses Design Patterns Courses Intrusion Detection Courses Security Vulnerabilities Courses

Course Description

Overview

Save Big on Coursera Plus. 7,000+ courses at $160 off. Limited Time Only!
Explore a fresh perspective on security vulnerabilities in this 43-minute conference talk from NDC Conferences. Delve into the decomposition of vulnerabilities into familiar security controls, shifting focus from end-stage vulnerability measurement to integrating security measures throughout the software development cycle. Learn about CWEs, injection vulnerabilities, security logging, intrusion detection points, secure data handling, and fundamental security principles. Discover how to implement logging libraries, payment gateways, and single sign-on using design patterns. Gain insights on incorporating security controls from the design phase onwards, making security more developer-friendly and effective. Ideal for developers seeking to enhance the security of their software applications.

Syllabus

Intro
Katy Anton
Common Weakness Enumeration
CWEs in Injection Category
Decompose the Injection
Extract Security Controls
Security Controls: Security Logging
The 6 Best Types of Detection Points
Examples of Intrusion Detection Points
Secure Data Handling: Basic Workflow
Data at Rest: Design Vulnerability example
Tool for Publicly Disclosed Machine Keys
Encryption: Security Controls
Data in Transit: Security Controls
State of Software Security
Root Cause
What is Attack Surface?
Fundamental Security Principle
Components Examples
Implement Logging Library
Simple Wrapper
Implement a Payment Gateway
Adapter Design Pattern
Implement a Single Sign-On
Facade Design Pattern
Secure Software Starts from Design!
Rick Rescorla
Security Controls In Development Cycle
Final Takeaways
References


Taught by

NDC Conferences

Related Courses

Computing: Art, Magic, Science - Part II
ETH Zurich via edX Web Application Development: Basic Concepts
University of New Mexico via Coursera Web Application Development: The Presentation Tier
University of New Mexico via Coursera Técnicas Avançadas para Projeto de Software
Instituto Tecnológico de Aeronáutica via Coursera Programmation objet immersive en Pharo
Inria (French Institute for Research in Computer Science and Automation) via France Université Numerique