Secure Coding: Preventing Broken Access Control

Focused View

Gavin Johnson-Lynn

1:55:43

38 View

01. Course Overview

01. Course Overview.mp4

01:42

02. Defining Access Controls

01. Access Control Basics.mp4

04:10

02. Authentication.mp4

03:07

03. Example Authentication Flows.mp4

03:05

04. Access Control Lists.mp4

02:01

05. Types of Access Control.mp4

05:29

03. Forced Browsing to Find Hidden Functionality

01. Forced Browsing Overview.mp4

02:41

02. Demonstrating Forced Browsing.mp4

04:08

03. Forced Browsing Attacks.mp4

02:38

04. Defense with Access Control Lists.mp4

04:15

05. Defense with Role-based Access Control.mp4

03:06

06. Where to Put Access Checks.mp4

03:26

04. Traversing Directories for Unauthorized File Access

01. Directory Traversal Overview.mp4

02:29

02. Understanding Directory Traversal.mp4

03:06

03. Attacking a Directory Traversal Vulnerability.mp4

03:22

04. Defensive Checks.mp4

04:03

05. Defensive Code.mp4

02:53

05. Manipulating Parameters to Alter Results

01. Parameter Manipulation Overview.mp4

01:54

02. Understanding Parameter Manipulation.mp4

03:22

03. Demonstration of Manipulated Parameters.mp4

05:04

04. Seeing Where Parameters Can Be Altered.mp4

02:23

05. Parameter Validation Attacks and Basic Defense.mp4

04:25

06. Field Access Attacks.mp4

04:04

07. Unauthorized Field Access Defense.mp4

05:14

06. Finding Insecure Direct Object References (IDOR)

01. IDOR Overview.mp4

03:50

02. Demonstrating an IDOR Attack.mp4

03:18

03. Understanding the IDOR Attack.mp4

03:35

04. Defending from IDOR Attacks.mp4

04:53

07. Guiding Principles for Access Controls

01. Guiding Principles Overview.mp4

02:32

02. Securing Code.mp4

02:43

03. Securing Code with Security Principles.mp4

06:11

04. Securing Code with Coding Principles.mp4

04:51

05. Summary of Principles.mp4

01:43

Description

Learn how to protect your code from access control issues. You will gain an understanding of how an attacker might find and attack those vulnerabilities before building defenses into your code.

What You'll Learn?

Broken access controls can expose information and functionality in your service to unauthorized users and is currently one of the top vulnerabilities found in software. You need to understand those vulnerabilities in order to defend against potential attackers. In this course, Secure Coding: Preventing Broken Access Control, you will gain the ability to protect your code from access control vulnerabilities. First, you will learn to understand vulnerabilities and potential attacks against them. Next, you will discover some of the key principles associated with defensive code. Finally, you will explore how to write clean, readable, defensive code. When you are finished with this course, you will have the skills and knowledge needed to protect your code from access control vulnerabilities.

More details

User Reviews

Rating

average 0

Total votes0

Focused display

Software Engineering

Network Security

Information Security

Gavin Johnson-Lynn

Instructor's Courses

Gavin has 20 years’ experience writing software in regulated environments and for global organisations. The last five years of his development career were spent with a focus on security, becoming the security lead for a significant payments project at a FTSE 100 company. He has experience with languages from COBOL to .Net and now often finds those skills useful when developing with Python. Gavin's experience of software security revealed a passion for security, leading him to become a speaker and blogger on the subject. Gavin holds the Certified Secure Software Lifecycle Professional (CSSLP) and Scrum Master certifications and is currently part of an offensive security team, using his defensive knowledge to aid offensive security work.

Pluralsight

View courses Pluralsight

Pluralsight, LLC is an American privately held online education company that offers a variety of video training courses for software developers, IT administrators, and creative professionals through its website. Founded in 2004 by Aaron Skonnard, Keith Brown, Fritz Onion, and Bill Williams, the company has its headquarters in Farmington, Utah. As of July 2018, it uses more than 1,400 subject-matter experts as authors, and offers more than 7,000 courses in its catalog. Since first moving its courses online in 2007, the company has expanded, developing a full enterprise platform, and adding skills assessment modules.