OWASP Top 10: #3 Injection and #4 Insecure Design

Caroline Wong

32:22

  • 01.01-2021 owasp top 10.mp4
    01:23
  • 01.02-what you should know.mp4
    00:47
  • 02.01-what is injection.mp4
    02:35
  • 02.02-example 1 2008 heartland data breach.mp4
    01:58
  • 02.03-example 2 2020 accellion data breach.mp4
    02:09
  • 02.04-prevention technique 1 prepared statements.mp4
    02:10
  • 02.05-prevention technique 2 input validation.mp4
    02:19
  • 02.06-prevention technique 3 escape special characters.mp4
    01:57
  • 03.01-what is insecure design.mp4
    02:11
  • 03.02-real-world example 1 g suite accounts in 2018.mp4
    02:06
  • 03.03-real-world example 2 2021 manufacturing data risk report.mp4
    03:18
  • 03.04-prevention technique 1 threat modeling.mp4
    02:53
  • 03.05-prevention technique 2 secure design patterns and principles.mp4
    02:18
  • 03.06-prevention technique 3 secure development lifecycle.mp4
    03:18
  • 04.01-next steps.mp4
    01:00
  • Description


    The Open Web Application Security Project (OWASP) was formed to provide the public with the resources needed to understand and enhance software security. The OWASP Top 10 list describes the ten biggest vulnerabilities. In this course, Caroline Wong takes a deep dive into the third and fourth categories of security vulnerabilities in the 2021 OWASP Top 10: injection and insecure design. They are extremely prevalent in web application development, and Caroline covers how these kinds of attacks work, reviews some real-life examples, and discusses how to prevent these types of attacks.


    Caroline Wong
    I am a strategic leader with strong communications skills, cybersecurity knowledge, and deep experience delivering global programs. My practical information security knowledge stems from broad experience as a Cigital consultant, a Symantec product manager, and day-to-day leadership roles at eBay and Zynga. I authored the popular textbook Security Metrics: A Beginner's Guide. My writing is also featured in Epic Failures in DevSecOps Vol. 1, CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, Cybersecurity Career Guide: Who Works in Cybersecurity, How We Got Started, Why We Need You, and IT Security Metrics: A Practical Framework for Measuring Security & Protecting Data.

    I host the Humans of InfoSec Podcast: https://soundcloud.com/humans-of-infosec

    Speaking engagements include:
    • Global AppSec DC (2019)
    • RSA USA (2019, 2018, 2017, 2014, 2013, 2011, 2010)
    • Developer Week (2019, 2018)
    • Source Phoenix-Mesa (2018)
    • SnowFROC (2018)
    • IoT Tech Expo NA (2017)
    • DevOps Enterprise Summit (2017)
    • DevSecCon Boston (2017)
    • BSidesLV (2017)
    • OWASP AppSec Cali (2018, 2017, 2016)
    • O'Reilly Security NY (2016)
    • CIO Asia (2012)
    • Metricon 7.0 (2012)
    • Security Development Conference (2012)
    • ISC2 Security Congress (2011)
    • ITWeb Security Summit (2011)
    • RSA Europe (2010)

    LinkedIn Learning is an American online learning provider. It provides video courses taught by industry experts in software, creative, and business skills. It is a subsidiary of LinkedIn. All the courses on LinkedIn fall into four categories: Business, Creative, Technology and Certifications. It was founded in 1995 by Lynda Weinman as Lynda.com before being acquired by LinkedIn in 2015. Microsoft acquired LinkedIn in December 2016.
    • Language: English
    • Training sessions: 15
    • Duration: 32:22
    • Release date: 2023/04/29