
OWASP Top 10: #1 Broken Access Control and #2 Cryptographic Failures


Caroline Wong

29:14

  • 01.01-owasp_top_10.mp4
    01:29
  • 02.01-what_is_broken_access_control.mp4
    02:21
  • 02.02-example_1_2021_facebook_broken_access_control_vulnerability.mp4
    02:24
  • 02.03-example_2_2021_personal_data_travel_breach.mp4
    01:09
  • 02.04-prevention_techniques_least_privilege.mp4
    02:46
  • 02.05-prevention_techniques_record_ownership_and_logging.mp4
    02:27
  • 02.06-prevention_techniques_functional_access_control_testing.mp4
    02:27
  • 03.01-what_is_cryptographic_failure.mp4
    01:35
  • 03.02-example_1_2021_godaddy_plaintext_passwords.mp4
    01:44
  • 03.03-example_2_using_a_broken_or_risky_cryptographic_algorithm.mp4
    01:59
  • 03.04-prevention_techniques_data_classification.mp4
    03:30
  • 03.05-prevention_techniques_proper_key_management.mp4
    02:19
  • 03.06-prevention_techniques_secure_protocols.mp4
    02:20
  • 04.01-owasp_top_10_keep_learning.mp4
    00:44
  • Description


    No one is immune to security vulnerabilities when it comes to web applications. We all live with the looming possibility that something could go wrong at any instant. That’s why the Open Web Application Security Project (OWASP) was formed to provide key resources that educate the public about how to navigate risk on the web. One such resource is the OWASP Top 10, a list of the ten biggest application security vulnerabilities, which was last published in 2021.

    Join application security expert Caroline Wong as she walks you through the first two vulnerabilities on the list: broken access control and cryptographic failures. Learn how each vulnerability poses a threat to you with real-life examples along the way. Discover the latest, most effective prevention techniques to keep your web applications safe and secure.



    Caroline Wong
    I am a strategic leader with strong communications skills, cybersecurity knowledge, and deep experience delivering global programs. My practical information security knowledge stems from broad experience as a Cigital consultant, a Symantec product manager, and day-to-day leadership roles at eBay and Zynga. I authored the popular textbook Security Metrics: A Beginner's Guide. My writing is also featured in Epic Failures in DevSecOps Vol. 1, CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, Cybersecurity Career Guide: Who Works in Cybersecurity, How We Got Started, Why We Need You, and IT Security Metrics: A Practical Framework for Measuring Security & Protecting Data.

    I host the Humans of InfoSec Podcast: https://soundcloud.com/humans-of-infosec

    Speaking engagements include:
    • Global AppSec DC (2019)
    • RSA USA (2019, 2018, 2017, 2014, 2013, 2011, 2010)
    • Developer Week (2019, 2018)
    • Source Phoenix-Mesa (2018)
    • SnowFROC (2018)
    • IoT Tech Expo NA (2017)
    • DevOps Enterprise Summit (2017)
    • DevSecCon Boston (2017)
    • BSidesLV (2017)
    • OWASP AppSec Cali (2018, 2017, 2016)
    • O'Reilly Security NY (2016)
    • CIO Asia (2012)
    • Metricon 7.0 (2012)
    • Security Development Conference (2012)
    • ISC2 Security Congress (2011)
    • ITWeb Security Summit (2011)
    • RSA Europe (2010)

    LinkedIn Learning is an American online learning provider. It provides video courses taught by industry experts in software, creative, and business skills. It is a subsidiary of LinkedIn. All the courses on LinkedIn fall into four categories: Business, Creative, Technology and Certifications. It was founded in 1995 by Lynda Weinman as Lynda.com before being acquired by LinkedIn in 2015. Microsoft acquired LinkedIn in December 2016.
    • Language: English
    • Training sessions: 14
    • Duration: 29:14
    • Release date: 2023/01/31