Understanding Application Security, Threats and Attacks
- What is a Secure Application
- Need for Application Security
- Most Common Application Level Attacks
- Why Applications become Vulnerable to Attacks
- What Constitutes Comprehensive Application Security
- Insecure Application: A Software Development Problem
- Software Security Standards, Models and Frameworks
Security Requirements Gathering
- Importance of Gathering Security Requirements
- Security Requirement Engineering (SRE)
- Abuse Case and Security Use Case Modeling
- Abuser and Security Stories
- Security Quality Requirements Engineering (SQUARE)
- Operationally Critical Threat, Asset and Vulnerability Evaluation (OCTAVE)
Secure Application Design and Architecture
- Relative Cost of Fixing Vulnerabilities at Different Phases of SDLC
- Secure Application Design and Architecture
- Goal of Secure Design Process
- Secure Design Actions
- Secure Design Principles
- Threat Modeling
- Decompose Application
- Secure Application Architecture
Secure Coding Practices for Input Validation
- Input Validation Pattern
- Validation and Security Issues
- Impact of Invalid Data Input
- Data Validation Techniques
- Input Validation using Frameworks and APIs
- Open Source Validation Framework for Java
- Servlet Filters
- Validation Filters for Servlets
- Data Validation using OWASP ESAPI
- Data Validation: Struts Framework
- Data Validation: Spring Framework
- Input Validation Errors
- Common Secure Coding Practices
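Added example for the input validation topics above (allowlist pattern, data validation techniques): this is illustrative code written for this page, not material from the course. It validates at the trust boundary by normalising first, then matching an allowlist regular expression and a numeric range; the field names and limits are assumptions.

```java
import java.util.Locale;
import java.util.Optional;
import java.util.regex.Pattern;

/**
 * Added example (not course material): allowlist input validation.
 * Normalise, then check syntax and range before the value reaches
 * business logic or a query. Say what is permitted, never what is banned.
 */
public final class InputValidation {

    // Assumed field rules: a username is 3-32 chars, starts with a letter.
    private static final Pattern USERNAME = Pattern.compile("^[a-z][a-z0-9_]{2,31}$");
    // \d in Java regex matches only ASCII digits unless UNICODE_CHARACTER_CLASS is set.
    private static final Pattern ZIP_US   = Pattern.compile("^\\d{5}(-\\d{4})?$");

    private InputValidation() {}

    /** Returns the canonical username, or empty if the input is not acceptable. */
    public static Optional<String> validateUsername(String raw) {
        if (raw == null) return Optional.empty();
        // Canonicalise first so the allowlist sees one form of the value.
        String s = raw.trim().toLowerCase(Locale.ROOT);
        return USERNAME.matcher(s).matches() ? Optional.of(s) : Optional.empty();
    }

    /** Accepts a quantity only if it is an unsigned decimal within [1, max]. */
    public static Optional<Integer> validateQuantity(String raw, int max) {
        if (raw == null) return Optional.empty();
        String s = raw.trim();
        // Integer.parseInt would accept "+5" and "-1"; the regex rejects both,
        // and the length cap keeps the value inside int range.
        if (!s.matches("\\d{1,9}")) return Optional.empty();
        int n = Integer.parseInt(s);
        return (n >= 1 && n <= max) ? Optional.of(n) : Optional.empty();
    }

    public static boolean isValidUsZip(String raw) {
        return raw != null && ZIP_US.matcher(raw.trim()).matches();
    }

    public static void main(String[] args) {
        // Constructed sample inputs; the last three are the kind of values
        // a denylist tends to miss and an allowlist rejects by construction.
        String[] names = { "alice_01", "  Bob  ", "a", "admin'--", "../etc/passwd" };
        for (String n : names) {
            System.out.printf("%-16s -> %s%n", n, validateUsername(n).orElse("REJECTED"));
        }
        System.out.println(validateQuantity("12", 100));
        System.out.println(validateQuantity("-1", 100));
        System.out.println(validateQuantity("1e3", 100));
        System.out.println(isValidUsZip("90210-1234"));
    }
}
```

The same pattern applies whether the check lives in a servlet filter, a Struts validator or a Spring `Validator`: the framework decides where the check runs, the allowlist decides what passes.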
Secure Coding Practices for Authentication and Authorization
- Introduction to Authentication
- Types of Authentication
- Authentication Weaknesses and Prevention
- Introduction to Authorization
- Access Control Model
- EJB Authorization
- Java Authentication and Authorization (JAAS)
- Java EE Security
- Authorization Common Mistakes and Countermeasures
- Authentication and Authorization in Spring Security Framework
- Defensive Coding Practices against Broken Authentication and Authorization
- Secure Development Checklists: Broken Authentication and Session Management
Secure Coding Practices for Cryptography
- Java Cryptography
- Encryption and Secret Keys
- Cipher Class
- Digital Signatures
- Secure Sockets Layer (SSL)
- Key Management
- Signed Code Sources
- Hashing
- Java Card Cryptography
- Spring Security: Crypto Module
- Do's and Don'ts in Java Cryptography
- Best Practices for Java Cryptography
Secure Coding Practices for Session Management
- Session Management
- Session Tracking
- Session Management in Spring Security
- Session Vulnerabilities and their Mitigation Techniques
- Best Practices and Guidelines for Secure Session Management
- Checklist to Secure Credentials and Session IDs
- Guidelines for Secure Session Management
Secure Coding Practices for Error Handling
- Introduction to Exceptions
- Erroneous Exceptional Behaviors
- Do's and Don'ts in Error Handling
- Spring MVC Error Handling
- Exception Handling in Struts 2
- Best Practices for Error Handling
- Introduction to Logging
- Logging using Log4j
- Secure Coding in Logging
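Added example serving both the error handling best practices and the secure logging topics above: this is illustrative code written for this page, not course material. It neutralises log injection by escaping control characters in untrusted values before they reach the logger, and it shows an error handler that logs full detail server-side while returning only an opaque reference to the caller. It uses `java.util.logging` so it runs without dependencies; the same sanitiser is applied unchanged before handing values to Log4j. The length cap and message formats are assumptions.

```java
import java.util.UUID;
import java.util.logging.Level;
import java.util.logging.Logger;

/** Added example (not course material): log injection defence and safe error reporting. */
public final class SafeLogging {

    private static final Logger LOG = Logger.getLogger(SafeLogging.class.getName());
    private static final int MAX_LEN = 200;   // assumption: cap on an untrusted field

    private SafeLogging() {}

    /** Escapes CR, LF and other control characters so a value cannot forge a new log line. */
    public static String sanitize(String untrusted) {
        if (untrusted == null) return "null";
        int limit = Math.min(untrusted.length(), MAX_LEN);
        StringBuilder sb = new StringBuilder(limit + 16);
        for (int i = 0; i < limit; i++) {
            char ch = untrusted.charAt(i);
            switch (ch) {
                case '\r': sb.append("\\r"); break;
                case '\n': sb.append("\\n"); break;
                case '\t': sb.append("\\t"); break;
                default:
                    if (ch < 0x20 || ch == 0x7f) {
                        sb.append(String.format("\\x%02x", (int) ch));   // e.g. ESC becomes \x1b
                    } else {
                        sb.append(ch);
                    }
            }
        }
        if (untrusted.length() > MAX_LEN) sb.append("...[truncated]");
        return sb.toString();
    }

    /** The format string is constant; only sanitised values are interpolated. */
    public static void loginFailed(String username, String remoteAddr) {
        LOG.warning(String.format("login failed user=\"%s\" ip=%s",
                sanitize(username), sanitize(remoteAddr)));
    }

    /**
     * Error handling "do": keep the stack trace and cause in the server log under a
     * reference id, and give the client only that reference, never the exception text.
     */
    public static String handleFailure(Exception e) {
        String ref = UUID.randomUUID().toString();
        LOG.log(Level.SEVERE, "request failed ref=" + ref, e);
        return "An internal error occurred (reference " + ref + ")";
    }

    public static void main(String[] args) {
        // Constructed attacker input that tries to append a forged, successful-looking line.
        String forged = "bob\" ip=10.0.0.1\nINFO: login succeeded user=\"admin";
        loginFailed(forged, "203.0.113.7");
        // Constructed input carrying an ANSI escape that could clear an operator's terminal.
        loginFailed("alice\u001b[2Jcleared", "203.0.113.8");
        System.out.println(handleFailure(new IllegalStateException("db password=hunter2 rejected")));
    }
}
```

With the sanitiser in place the forged line is written as one record containing the literal `\n`, so a SIEM rule or a human reading the file cannot be tricked into seeing a second event; the caller of `handleFailure` sees only the reference, while the exception message that leaked a credential stays in the server log, where access control and log retention policy apply.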
Static and Dynamic Application Security Testing (SAST and DAST)
- Static Application Security Testing
- Manual Secure Code Review for Most Common Vulnerabilities
- Code Review: Check List Approach
- SAST Findings
- SAST Report
- Dynamic Application Security Testing
- Automated Application Vulnerability Scanning Tools
- Proxy-based Security Testing Tools
- Choosing between SAST and DAST
Secure Deployment and Maintenance
- Secure Deployment
- Pre-Deployment Activities
- Deployment Activities: Ensuring Security at Various Levels
- Ensuring Security at Host Level
- Ensuring Security at Network Level
- Ensuring Security at Application Level
- Ensuring Security at Web Container Level (Tomcat)
- Ensuring Security in Oracle
- Security Maintenance and Monitoring