Foundational Topics in Secure Programming-Getting Started
A Note From UC Davis
Course Introduction
Foundational Topics in Secure Programming-Foundational Topics in Secure Programming - Part 1
Module 1 Introduction
Fundamental Concepts in Security
The STRIDE Method Via Example
STRIDE Threats In More Detail Via Example
Trust Boundaries
Cryptography Basics Introduction
Cryptography Basics: Block Ciphers
Cryptography Basics: Symmetric and Asymmetric Cryptography
Cryptography Basics: Hash Functions
Cryptography Basics: Application to Threat Models
Foundational Topics in Secure Programming-Threat Model Activity
Lab: Threat Model Activity
Welcome to Peer Review Assignments!
Foundational Topics in Secure Programming-Foundational Topics in Secure Programming - Part 2
OWASP Top 10 Proactive Controls and Exploits - Part 1
OWASP Top 10 Proactive Controls and Exploits - Part 2
Foundational Topics in Secure Programming-Review and Readings
Reading and Resource
Injection Problems-Injection Problems
Module 2 Introduction
General Concepts: Injection Problems
SQL Injection Problems
Mitigating SQL Injection Using Prepared Statements
Mitigating SQL Injection Using Stored Procedures
Mitigating SQL Injection Using Whitelisting
Injection Problems in Real Life
Solution Screencast for Lab: Exploit Using WebGoat's SQLi Example
Cross-Site Scripting Introduction
HTTP and Document Isolation
DOM, Dynamically Generating Pages, and Cross-Site Scripting
The 3 Kinds of Cross-Site Scripting Vulnerabilities
Comparing and Contrasting Cross-Site Scripting Vulnerabilities
OWASP Prescribed Cross-site Scripting Prevention Rules - Part 1
OWASP Prescribed Cross-site Scripting Prevention Rules - Part 2
Command Injection Problems
OWASP Proactive Controls Related to Injections
Injection Problems-Review and Resources
Resources
Problems Arising From Broken Authentication-Problems Arising From Broken Authentication
Module 3 Introduction
Overview of HTTP Protocol
Introduction to Authentication
Handling Error Messages During Authentication
Introduction to Session Management
Enforcing Access Control with Session Management
Session Management Threat: Bruteforce Session IDs
Session Management Threat: Session Fixation Vulnerabilities
Logging and Monitoring
Solution for Lab #3: WebGoat’s Session Management Vulnerability
OWASP Proactive Controls Related to Session Management and Authentication
Problems Arising From Broken Authentication-Review and Resources
Resources
Sensitive Data Exposure Problems-Sensitive Data Exposure Problems
Module 4 Introduction
Introduction to Sensitive Data Exposure Problems
Issue 1: Using PII to Compose Session IDs
Issue 2: Not Encrypting Sensitive Information
Issue 3: Improperly Storing Passwords
Slowing Down Password Bruteforce Attacks
Issue 4: Using HTTP for Sensitive Client-server
OWASP Proactive Controls Related to Sensitive Data Exposure
Sensitive Data Exposure Problems-Review and Resources
Resources
Sensitive Data Exposure Problems-Course Summary
Course Summary