Understanding Application Security, Threats and Attacks
- What is a Secure Application
- Need for Application Security
- Most Common Application Level Attacks
- Why Applications become Vulnerable to Attacks
- What Constitutes Comprehensive Application Security?
- Insecure Application: A Software Development Problem
- Software Security Standards, Models and Frameworks
Security Requirements Gathering
- Importance of Gathering Security Requirements
- Security Requirement Engineering (SRE)
- Abuse Case and Security Use Case Modeling
- Abuser and Security Stories
- Security Quality Requirements Engineering (SQUARE)
- Operationally Critical Threat, Asset and Vulnerability Evaluation (OCTAVE)
Secure Application Design and Architecture
- Relative Cost of Fixing Vulnerabilities at Different Phases of SDLC
- Secure Application Design and Architecture
- Goal of Secure Design Process
- Secure Design Actions
- Secure Design Principles
- Threat Modeling
- Decompose Application
- Secure Application Architecture
Secure Coding Practices for Input Validation
- Input Validation
- Why Input Validation?
- Input Validation Specification
- Input Validation Approaches
- Input Filtering
- Secure Coding Practices for Input Validation: Web Forms
- Secure Coding Practices for Input Validation: ASP.NET Core
- Secure Coding Practices for Input Validation: MVC
Secure Coding Practices for Authentication and Authorization
- Authentication and Authorization
- Common Threats on User Authentication and Authorization
- Authentication and Authorization: Web Forms
- Authentication and Authorization: ASP.NET Core
- Authentication and Authorization: MVC
- Authentication and Authorization Defensive Techniques: Web Forms
- Authentication and Authorization Defensive Techniques: ASP.NET Core
- Authentication and Authorization Defensive Techniques: MVC
Secure Coding Practices for Cryptography
- Cryptographic
- Ciphers
- Block Cipher Modes
- Symmetric Encryption Keys
- Asymmetric Encryption Keys
- Functions of Cryptography
- Use of Cryptography to Mitigate Common Application Security Threats
- Cryptographic Attacks
- Techniques Attackers Use to Steal Cryptographic Keys
- What Should You Do to Secure .NET Applications against Cryptographic Attacks
- .NET Cryptographic Name Spaces
- .NET Cryptographic Class Hierarchy
- Symmetric Encryption
- Symmetric Encryption: Defensive Coding Techniques
- Asymmetric Encryption
- Asymmetric Encryption: Defensive Coding Techniques
- Hashing
- Digital Signatures
- Digital Certificates
- XML Signatures
- ASP.NET Core Specific Secure Cryptography Practices
Secure Coding Practices for Session Management
- What are Exceptions/Runtime Errors?
- Need for Secure Error/Exception Handling
- Consequences of Detailed Error Message
- Exposing Detailed Error Messages
- Considerations: Designing Secure Error Messages
- Secure Exception Handling
- Handling Exceptions in an Application
- Defensive Coding Practices against Information Disclosure
- Defensive Coding Practices against Improper Error Handling
- ASP.NET Core: Secure Error Handling Practices
- Secure Auditing and Logging
- Tracing .NET
- Auditing and Logging Security Checklists
Static and Dynamic Application Security Testing (SAST and DAST)
- Static Application Security Testing
- Manual Secure Code Review for Most Common Vulnerabilities
- Code Review: Check List Approach
- SAST Finding
- SAST Report
- Dynamic Application Security Testing
- Automated Application Vulnerability Scanning Tools
- Proxy-based Security Testing Tools
- Choosing between SAST and DAST
Secure Deployment and Maintenance
- Secure Deployment
- Prior Deployment Activity
- Deployment Activities: Ensuring Security at Various Levels
- Ensuring Security at Host Level
- Ensuring Security at Network Level
- Ensuring Security at Application Level
- Web Application Firewall (WAF)
- Ensuring Security at IIS Level
- Sites and Virtual Directories
- ISAPI Filters
- Ensuring Security at .NET Level
- Ensuring Security at SQL Server Level
- Security Maintenance and Monitoring