Principles of Secure Coding

English | MP4 | AVC 1280×720 | AAC 44KHz 2ch | 51 lectures (3h 8m) | 1.53 GB

Building Security in from the Beginning

We all want security in our work, and in our processes, but – secure against what? What does security mean, and how do we achieve it? In this course, we’ll explore this question in depth.

We’ll begin with a primer on security concepts such as authentication and authorization, and the related concepts of encoding and encryption. We’ll talk about the role of version control in secure software development, and the importance of keeping secrets out of version control. We’ll talk about two security horror stories, one from reality, and one fictional one from YouTube legend Tom Scott.

We’ll move on to secure coding practices using C# as our example platform but with an eye towards wide applicability. We’ll move on to the practices of keeping data secure, and how sensitive data ends up in the wrong hands.

We’ll conclude the course with a survey of the OWASP Top Ten security issues for 2021. By diving into these common issues, we’ll gain a strong appreciation for the thinking that leads to security problems year in and year out.

I hope you’ll join me as we explore how to change our thinking to be secure from the start with the Principles of Secure Coding course.

What you’ll learn

  • Learn about the essential concepts of all security
  • Understand how data becomes compromised
  • Understand the particulars of coding defensively
  • Know the OWASP Top Ten Security Issues for 2021

Table of Contents

Introduction
1 Introduction
2 Tools

Secure Against What
3 Introduction
4 A Quick Security Primer
5 Encoding, Encryption, and Serialization
6 Demo Serialization and Security
7 The Nature of Security on the Internet
8 Accidental vs. Malicious Exposure
9 Summary

Version Control and Security
10 Introduction
11 Secrets Do Not Belong in Version Control
12 A GitHub Horror Story
13 The Right Way to Control Secrets
14 How to Avoid Secrets
15 Demo Coding with Secrets
16 The Day Google Forgot to Check Passwords
17 Summary

Secure Coding Practices
18 Introduction
19 Reflection Attacks
20 Working with Data Types Securely
21 Demo A Look at a Function
22 A Note on C# and SecureString
23 Never Write Your Own Encryption
24 Serialization and Transport Pitfalls
25 Microsoft’s Recommendations
26 Mitigating with Virtualization Strategies
27 Summary

Storing Data Securely
28 Introduction
29 Securing Databases
30 Hashing and Salt
31 Transparent Data Encryption and Cloud Providers
32 Demo Working with Secure Assets
33 Once Again, Avoiding Secrets
34 Logging and Security
35 Demo What Bad Logging Looks Like
36 Summary

Knowing the Attacks: The OWASP Top Ten in 2021
37 Introduction
38 Broken Access Control
39 Cryptographic Failures
40 Injection
41 Insecure Design
42 Security Misconfiguration
43 Vulnerable and Outdated Components
44 Identification and Authentication Failures
45 Software and Data Integrity Failures
46 Security Logging and Monitoring Failures
47 Server-Side Request Forgery
48 Demo OWASP ZAP
49 Penetration Testing
50 Summary

Conclusion
51 Wrapping Things Up
