Secure Programmer: Vulnerabilities

Explore various software vulnerability topics in this 19-video course, which opens with a look at specific security vulnerabilities and how to program techniques to counter them. Learners then receive three tutorials on the OWASP (Open Web Application Security Project) Top 10 vulnerabilities: SQL injection, broken authentication, and cross-site scripting; broken access control, security misconfiguration, sensitive data exposure, and insufficient attack protection; and cross-site request forgery, using components with known vulnerabilities, and underprotected application programming interfaces (APIs). Examine the use of threat models, including STRIDE (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation), PASTA (the Process for Attack Simulation and Threat Analysis), DREAD (Damage, Reproducibility, Exploitability, Affected Users, Discoverability), and SQUARE (Security Quality Requirements Engineering). Use CVE (Common Vulnerabilities and Exposures) vulnerability scoring, and examine Java, Python, C#, and JavaScript SQL secure coding examples. Implement Python secure coding to combat SQL vulnerabilities, C# to combat common code vulnerabilities, and JavaScript to combat cross-site scripting attacks. Use the Common Vulnerability Scoring System (CVSS), and finally use the OWASP ZAP and Vega vulnerability scanners to test websites for common vulnerabilities.