OWASP Top 10: #9 Security Logging and Monitoring Failures and #10 Server-Side Request Forgery

Caroline Wong

12:15

  • 01 - 2021 OWASP Top 10.mp4
    00:57
  • 02 - OWASP Top 10 series.mp4
    00:49
  • 01 - What are security monitoring and logging failures.mp4
    02:50
  • 02 - Example 1 2018 Starwood data breach.mp4
    02:31
  • 03 - Example 2 2021 South Georgia Medical Center insider threat.mp4
    02:11
  • 04 - Prevention technique Ensure logging includes sufficient user context.mp4
    02:57
  • Description


    It’s important to protect your organization against security vulnerabilities, but how do you prepare for a possible attack? In this course, join instructor and application security expert Caroline Wong as she gives you an overview of the ninth and tenth most common vulnerabilities listed on the 2021 Open Web Application Security Project (OWASP) Top 10 List: security logging and monitoring failures and server-side request forgery.

    Discover strategies to defend yourself against these two prominent types of attack, drawing from real-life examples along the way. Caroline offers insights on the latest, most effective prevention techniques to keep your web applications safe and secure, including sufficient user context, consistent monitoring and alerting, an incident response and recovery plan, network layer and application layer prevention, and authentication for internal services.

    Caroline Wong
    I am a strategic leader with strong communications skills, cybersecurity knowledge, and deep experience delivering global programs. My practical information security knowledge stems from broad experience as a Cigital consultant, a Symantec product manager, and day-to-day leadership roles at eBay and Zynga.

    I authored the popular textbook Security Metrics: A Beginner's Guide. My writing is also featured in Epic Failures in DevSecOps Vol. 1, CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, Cybersecurity Career Guide: Who Works in Cybersecurity, How We Got Started, Why We Need You, and IT Security Metrics: A Practical Framework for Measuring Security & Protecting Data.

    I host the Humans of InfoSec Podcast: https://soundcloud.com/humans-of-infosec

    Speaking engagements include:
    • Global AppSec DC (2019)
    • RSA USA (2019, 2018, 2017, 2014, 2013, 2011, 2010)
    • Developer Week (2019, 2018)
    • Source Phoenix-Mesa (2018)
    • SnowFROC (2018)
    • IoT Tech Expo NA (2017)
    • DevOps Enterprise Summit (2017)
    • DevSecCon Boston (2017)
    • BSidesLV (2017)
    • OWASP AppSec Cali (2018, 2017, 2016)
    • O'Reilly Security NY (2016)
    • CIO Asia (2012)
    • Metricon 7.0 (2012)
    • Security Development Conference (2012)
    • ISC2 Security Congress (2011)
    • ITWeb Security Summit (2011)
    • RSA Europe (2010)

    LinkedIn Learning is an American online learning provider. It provides video courses taught by industry experts in software, creative, and business skills. It is a subsidiary of LinkedIn. All the courses on LinkedIn fall into four categories: Business, Creative, Technology and Certifications. It was founded in 1995 by Lynda Weinman as Lynda.com before being acquired by LinkedIn in 2015. Microsoft acquired LinkedIn in December 2016.
    • Language: English
    • Training sessions: 6
    • Duration: 12:15
    • English subtitles: yes
    • Release date: 2023/12/23