Directory
视频
Course: Identifying Security Vulnerabilities. Click here to go back.
- Course Introduction
- Module 1 Introduction
- Fundamental Concepts in Security
- The STRIDE Method Via Example
- STRIDE Threats In More Detail Via Example
- Trust Boundaries
- Cryptography Basics Introduction
- Cryptography Basics: Block Ciphers
- Cryptography Basics: Symmetric and Asymmetric Cryptography
- Cryptography Basics: Hash Functions
- Cryptography Basics: Application to Threat Models
- Lab: Threat Model Activity
- OWASP Top 10 Proactive Controls and Exploits - Part 1
- OWASP Top 10 Proactive Controls and Exploits - Part 2
- Module 2 Introduction
- General Concepts: Injection Problems
- SQL Injection Problems
- Mitigating SQL Injection Using Prepared Statements
- Mitigating SQL Injection Using Stored Procedures
- Mitigating SQL Injection Using Whitelisting
- Injection Problems in Real Life
- Solution Screencast for Lab: Exploit Using WebGoat's SQLi Example
- Cross-Site Scripting Introduction
- HTTP and Document Isolation
- DOM, Dynamically Generating Pages, and Cross-Site Scripting
- The 3-Kinds of Cross-Site Scripting Vulnerabilities
- Comparing and Contrasting Cross-Site Scripting Vulnerabilities
- OWASP Prescribed Cross-site Scripting Prevention Rules - Part 1
- OWASP Prescribed Cross-site Scripting Prevention Rules - Part 2
- Command Injection Problems
- OWASP Proactive Controls Related to Injections
- Module 3 Introduction
- Overview of HTTP Protocol
- Introduction to Authentication
- Handling Error Messages During Authentication
- Introduction to Session Management
- Enforcing Access Control with Session Management
- Session Management Threat: Bruteforce Session IDs
- Session Management Theat: Session Fixation Vulnerabilities
- Logging and Monitoring
- Solution for Lab #3: WebGoat’s Session Management Vulnerability
- OWASP Proactive Controls Related to Session Management and Authentication
- Module 4 Introduction
- Introduction to Sensitive Data Exposure Problems
- Issue 1: Using PII to Compose Session IDs
- Issue 2: Not Encrypting Sensitive Information
- Issue 3: Improperly Storing Passwords
- Slowing Down Password Bruteforce Attacks
- Issue 4: Using HTTP for Sensitive Client-server
- OWASP Proactive Controls Related to Sensitive Data Exposure
- Course Summary