Learning Paths
This course is part of the following LearnNowOnline SuccessPaths™:
OWASP
Meet the expert
Robert Hurlbut is a software security consultant, architect, and trainer. He is a Microsoft MVP for Developer Security / Visual Studio and Development Technologies, and he holds the (ISC)2 CSSLP security certification. Robert has 30 years of industry experience in secure coding, software architecture, and software development and has served as a project manager, director of software development, chief software architect, and application security champion for several companies. He speaks at user groups and at national and international conferences, and provides training for many clients.
Course outline
OWASP Proactive Controls 6-10
Implement Access Controls (15:00)
- Introduction (00:33)
- C6 - Implement Appropriate Access Controls (02:41)
- Access Control Anti-Patterns (07:13)
- Role-Based Access Control (01:22)
- ASP.NET Roles vs. Claims Authorization (01:29)
- Apache Shiro Permission-Based Access Control (01:16)
- Summary (00:23)
Protect Data (18:54)
- Introduction (00:31)
- C7 - Protect Data (00:47)
- Encrypting Data in Transit (03:52)
- HSTS (Strict Transport Security) (04:22)
- Certificate Pinning (02:45)
- Browser-Based TOFU Pinning (01:32)
- Pinning in Play (Chrome) (00:52)
- Forward Secrecy (01:35)
- Google KeyCzar (01:04)
- Libsodium (01:13)
- Summary (00:15)
Logging and Intrusion Detection (10:22)
- Introduction (00:24)
- C8 - Implement Logging and Intrusion Detection (01:15)
- Tips for Proper Application Logging (03:13)
- Detection Points Examples (05:07)
- Summary (00:21)
Security Frameworks and Exception Handling (11:26)
- Introduction (00:30)
- C9 - Leverage Security Frameworks and Libraries (03:08)
- Security Frameworks and Libraries (01:06)
- C10 - Error and Exception Handling (02:18)
- Best Practices for Error and Exception Handling (03:58)
- Summary (00:23)