This series of quick, hard-hitting sessions sets the context and charges through each of the OWASP vulnerabilities. Each virtual, instructor-led session provides a solid set of information for developers, testers, and other stakeholders about understanding, identifying, and mitigating a vulnerability. These short, intense sessions maximize the flow of information in an effective and interactive manner.
March 11, 2021
In this course you will learn about:
· The mechanism by which the vulnerability is exploited. Often the exploitability of a vulnerability is rooted in an underlying pattern that is valid across many technologies and architectures.
· The prevalence of the vulnerability, including characteristics to focus on during design and code reviews to help detect potential issues.
· The potential consequences of a successful exploit.
· The measures that can be taken to eliminate, prevent, or minimize the risk of an exploited vulnerability.
· The relative effectiveness of scanners and other tools in detecting the vulnerability being discussed.
· Generic and code-specific references that can be utilized after the session.
- Security: The Complete Picture
- Attack Patterns
- Anthem, Dell, Target, Equifax, and Marriott Debriefs
- Verizon’s 2019 Data Breach Report
- Assumptions We Make
- Recognizing Assets
- Introduction to OWASP Top 10
- Injection Flaws
- Examples: SQL Injection
- Drill Down on Stored Procedures
- Understanding the Underlying Problem
- Other Forms of Injection
- Minimizing Injection Flaws
- Potential Demonstration: Defending Against SQL Injection
- Weak Authentication Data
- Protecting Authentication Data
- Protecting Authentication Services
- Effective Credential Management
- Effective Multi-Factor Authentication
- Handling Passwords on Server Side
- Potential Demonstration: Defending Authentication
- Recognizing XML Processing: Direct, REST, SOAP, etc.
- Challenges of Safe XML Parsing
- Managing External Entity Resolution
- XSLT Processing Challenges
- Safe XML Processing
- Potential Demonstration: Safe XML Processing
- System Hardening: IA Mitigation
- Application Whitelisting
- Principle of Least Privilege in Real Terms
- Secure Configuration Baseline
- Error-Handling Issues
- Recognizing Serialization in Java, JSON.Net and Elsewhere
- Deserializing Hostile Objects
- Safely Managing Deserialization
- A9: Using Components with Known Vulnerabilities
- Maintaining Software Inventory
- Awareness of Vulnerabilities, Updates, and Patches
- Managing Versions, Updates, and Patches
- Reducing Software Risks
- Strength Training: Project Teams/Developers
- Strength Training: IT Organizations
- OWASP ASVS
- Leveraging Common AppSec Practices and Controls