Principles of Secure Coding

Focused View

Chris B Behrens

3:08:34

147 View

1. Introduction

1. Introduction.mp4

03:28

2. Tools.mp4

01:44

2. Secure Against What

1. Introduction.mp4

02:36

2. A Quick Security Primer.mp4

05:54

3. Encoding, Encryption, and Serialization.mp4

12:47

4.1 A Binary Deserialization Nightmare.html

4.2 Man in the Middle Attack.html

4. Demo Serialization and Security.mp4

09:28

5. The Nature of Security on the Internet.mp4

02:38

6. Accidental vs. Malicious Exposure.mp4

02:14

7. Summary.mp4

00:40

3. Version Control and Security

1. Introduction.mp4

03:00

2. Secrets Do Not Belong in Version Control.mp4

03:21

3.1 Juan's Horror Story.html

3. A Github Horror Story.mp4

02:49

4. The Right Way to Control Secrets.mp4

03:58

5. How to Avoid Secrets.mp4

06:41

6. Demo Coding with Secrets.mp4

05:00

7.1 The (Fictional) Day Google Forgot to Check Passwords.html

7. The Day Google Forgot to Check Passwords.mp4

05:58

8. Summary.mp4

00:30

4. Secure Coding Practices

1. Introduction.mp4

03:55

2.1 The ColdFusion Reflection Vulnerability.html

2.2 Unsafe Use of Reflection.html

2. Reflection Attacks.mp4

06:37

3.1 The Word from Microsoft on Anonymous Types.html

3. Working with Data Types Securely.mp4

07:29

4. Demo A Look at a Function.mp4

05:09

5.1 Don't Use SecureString.html

5. A Note on C# and SecureString.mp4

02:22

6.1 StackOverflow on Writing Your Own SecureString.html

6.2 XKCD Wrench Security.html

6. Never Write Your Own Encryption.mp4

04:03

7. Serialization and Transport Pitfalls.mp4

06:10

8.1 Code Access Security (CAS).html

8.2 Microsoft's Recommendations.html

8. Microsoft's Recommendations.mp4

01:38

9.1 The Google Cloud Team on Containers vs VMs.html

9. Mitigating with Virtualization Strategies.mp4

06:10

10. Summary.mp4

00:45

5. Storing Data Securely

1. Introduction.mp4

04:26

2. Securing Databases.mp4

05:33

3. Hashing and Salt.mp4

07:20

4. Transparent Data Encryption and Cloud Providers.mp4

04:22

5.1 Low-Key KeyVault.html

5. Demo Working with Secure Assets.mp4

04:48

6. Once Again, Avoiding Secrets.mp4

04:50

7. Logging and Security.mp4

01:54

8.1 OWASP Logging Cheat Sheet.html

8. Demo What Bad Logging Looks Like.mp4

06:58

9. Summary.mp4

00:30

6. Knowing the Attacks the OWASP Top Ten in 2021

1. Introduction.mp4

00:45

2.1 Broken Access Control.html

2.2 The ApplyYourself Breach.html

2. Broken Access Control.mp4

03:10

3.1 Cryptographic Failures.html

3. Cryptographic Failures.mp4

01:55

4.1 Injection.html

4. Injection.mp4

02:12

5.1 Insecure Design.html

5. Insecure Design.mp4

02:26

6.1 Security Misconfiguration.html

6. Security Misconfiguration.mp4

02:05

7.1 Vulnerable and Outdated Components.html

7. Vulnerable and Outdated Components.mp4

01:24

8.1 Digital Identity Guidelines.html

8. Identification and Authentication Failures.mp4

02:06

9.1 Software and Data Integrity Failures.html

9. Software and Data Integrity Failures.mp4

01:51

10.1 Security Logging and Monitoring Failures.html

10. Security Logging and Monitoring Failures.mp4

02:07

11.1 Server-Side Request Forgery.html

11. Server-Side Request Forgery.mp4

02:17

12.1 OWASP Zap.html

12. Demo OWASP ZAP.mp4

02:58

13. Penetration Testing.mp4

02:08

14. Summary.mp4

00:16

7. Conclusion

1.1 Principles of Deploying Code Securely.html

1. Wrapping Things Up.mp4

03:09

2. Final Exam.html

Description

Building Security in from the Beginning

What You'll Learn?

Learn about the essential concepts of all security
Understand how data becomes compromised
Understand the particulars of coding defensively
Know the OWASP Top Ten Security Issues for 2021

Who is this for?

Software developers and DevOps professionals

What You Need to Know?

You should have a good grasp of software development

More details

Description
We all want security in our work, and in our processes, but - secure against what?Â What does security mean, and how do we achieve it?Â In this course, we'll explore this question in depth.
We'll begin with a primer on security concepts such as authentication and authorization, and the related concepts of encoding and encryption. We'll talk about the role of version control in secure software development, and the importance of keeping secrets out of version control. We'll talk about two security horror stories, one from reality, and one fictional one from YouTube legend Tom Scott.
We'll move on to secure coding practices using C# as our example platform but with an eye towards wide applicability. We'll move on to the practices of keeping data secure, and how sensitive data ends up in the wrong hands.
We'll conclude the course with a survey of the OWASPÂ Top Ten security issues for 2021. By diving into these common issues, we'll gain a strong appreciation for the thinking that leads to security problems year in and year out.
I hope you'll join me as we explore how to change our thinking to be secure from the start with the Principles of Secure Coding course at Udemy.
Who this course is for:
Software developers and DevOps professionals

User Reviews

Rating

average 0

Total votes0

Focused display

Chris B. Behrens is a writer, speaker and software developer, specializing in DevOps. He has been a developer and architect for more than twenty years focusing on small to medium size companies and the development changes they face. He focuses on his flavor of Fear Based Development, whereby a developer ranks their tasks in descending order of anxiety, and how to tackle them in that order. Chief among these anxiety-inducing processes is software deployment, a topic that Behrens focuses upon. He lives in Kennedale, TX with his wife and children.

Udemy

View courses Udemy

Students take courses primarily to improve job-related skills.Some courses generate credit toward technical certification. Udemy has made a special effort to attract corporate trainers seeking to create coursework for employees of their company.