
OWASP Top 10: #7 Identification and Authentication Failures and #8 Software and Data Integrity Failures

Caroline Wong

39:54

  • 01 - OWASP Top 10.mp4
    00:46
  • 02 - OWASP Top 10 series.mp4
    00:50
  • 01 - What are identification and authentication failures.mp4
    03:11
  • 02 - Example 1 Pwned Passwords.mp4
    03:50
  • 03 - Example 2 2021 Verkada data breach.mp4
    03:00
  • 04 - Prevention technique Check for weak passwords.mp4
    03:17
  • 05 - Prevention technique Use multi-factor authentication.mp4
    02:32
  • 06 - Prevention technique Log and limit repeated login attempts.mp4
    03:37
  • 01 - What are software and data integrity failures.mp4
    03:17
  • 02 - Example 1 Solar Winds software supply chain attack.mp4
    01:59
  • 03 - Example 2 2021 Codecov bash uploader compromise.mp4
    03:31
  • 04 - Prevention technique Use digital signatures.mp4
    02:07
  • 05 - Prevention technique Ensure repositories are trustworthy.mp4
    03:32
  • 06 - Prevention technique Review code and configuration changes.mp4
    03:21
  • 01 - OWASP Top 10 keep learning.mp4
    01:04
  • Description


    Failures related to identity, authentication, and software and data integrity loom large in web application development. You need to keep security vulnerabilities top of mind, but how do you prepare for a possible attack? In this course, instructor and application security expert Caroline Wong gives you an overview of the seventh and eighth most common vulnerabilities listed on the 2021 Open Web Application Security Project (OWASP) Top 10 List: identity and authentication failures, and software and data integrity failures.

    Explore the basics of these two types of failures to find out what you can do to defend yourself against an attack, drawing from real-life examples along the way. Caroline shares insights on the latest, most effective prevention techniques to keep your web applications safe and secure, including Pwned Passwords, weak password checks, multifactor authentication, password logs and limits, digital signatures, trusted repositories, and code and configuration changes.

    Caroline Wong
    I am a strategic leader with strong communications skills, cybersecurity knowledge, and deep experience delivering global programs. My practical information security knowledge stems from broad experience as a Cigital consultant, a Symantec product manager, and day-to-day leadership roles at eBay and Zynga. I authored the popular textbook Security Metrics: A Beginner's Guide. My writing is also featured in Epic Failures in DevSecOps Vol. 1, CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, Cybersecurity Career Guide: Who Works in Cybersecurity, How We Got Started, Why We Need You, and IT Security Metrics: A Practical Framework for Measuring Security & Protecting Data. I host the Humans of InfoSec Podcast: https://soundcloud.com/humans-of-infosec

    Speaking engagements include:
    • Global AppSec DC (2019)
    • RSA USA (2019, 2018, 2017, 2014, 2013, 2011, 2010)
    • Developer Week (2019, 2018)
    • Source Phoenix-Mesa (2018)
    • SnowFROC (2018)
    • IoT Tech Expo NA (2017)
    • DevOps Enterprise Summit (2017)
    • DevSecCon Boston (2017)
    • BSidesLV (2017)
    • OWASP AppSec Cali (2018, 2017, 2016)
    • O'Reilly Security NY (2016)
    • CIO Asia (2012)
    • Metricon 7.0 (2012)
    • Security Development Conference (2012)
    • ISC2 Security Congress (2011)
    • ITWeb Security Summit (2011)
    • RSA Europe (2010)

    LinkedIn Learning is an American online learning provider. It provides video courses taught by industry experts in software, creative, and business skills. It is a subsidiary of LinkedIn. All the courses on LinkedIn fall into four categories: Business, Creative, Technology and Certifications. It was founded in 1995 by Lynda Weinman as Lynda.com before being acquired by LinkedIn in 2015. Microsoft acquired LinkedIn in December 2016.
    • Language: English
    • Training sessions: 15
    • Duration: 39:54
    • English subtitles: yes
    • Release date: 2023/12/23