Course details

Secure Programmer: Vulnerabilities

Secure Programmer: Vulnerabilities


Overview/Description
Expected Duration
Lesson Objectives
Course Number
Expertise Level



Overview/Description

Explore various software vulnerability topics in this 19-video, which opens with a look at specific security vulnerabilities and how to program counter techniques. Then learners receive three tutorials on the OWASP (Open Web Application Security Project) Top 10 vulnerabilities: SQL injection, broken authentication, and cross-site scripting; broken access control, security misconfiguration, sensitive data exposure, and insufficient attack protection; and cross-site request forgery, using components with known vulnerabilities, and under protected application programming interfaces (APIs). Examine use of threat models including STRIDE (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation), PASTA (the Process for Attack Simulation and Threat Analysis), DREAD (Damage, Reproductibility, Exploitability, Affected Users, Discoverability), and SQUARE (Security Quality Requirements Engineering). Use CVE (common vulnerabilities and exposures) vulnerability scoring, and examine Java, Python, C#, and Javascript SQL secure coding examples. Implement Python secure coding to combat SQL vulnerability; C# to combat common code vulnerabilities, and Javascript to combat Cross Site Scripting attacks. Use Common Vulnerability Scoring System (CVSS), and finally, use OWASP Zap and Vega vulnerability scanners to test websites for common vulnerabilities.



Expected Duration (hours)
1.2

Lesson Objectives

Secure Programmer: Vulnerabilities

  • discover the key concepts covered in this course
  • describe specific security vulnerabilities and recognize how to program counter techniques
  • describe OWASP Top 10 vulnerabilities including SQL injection, broken authentication, and cross-site scripting
  • describe OWASP Top 10 vulnerabilities including broken access control, security misconfiguration, sensitive data exposure, and insufficient attack protection
  • describe OWASP Top 10 vulnerabilities including cross-site request forgery, using components with known vulnerabilities, and underprotected APIs
  • describe and use threat models including STRIDE, PASTA, DREAD, and SQUARE
  • describe and use CVE vulnerability scoring
  • implement Java secure coding to combat Rhino Script vulnerability
  • implement Python secure coding to combat Remote Code Execution Vulnerability
  • implement C# secure coding to combat SQL Injection Vulnerability
  • implement JavaScript secure coding to combat SQL Injection Vulnerability
  • implement Java secure coding to combat SQL Injection Vulnerability
  • implement Python secure coding to combat a variety of security vulnerabilities
  • implement C# secure coding to combat common code vulnerabilities
  • implement JavaScript secure coding to combat Cross Site Scripting attacks
  • use CVSS scoring for vulnerabilities
  • use OWASP Zap vulnerability scanner to test web sites for common vulnerabilities
  • use Vega Vulnerability Scanner to test web sites for common vulnerabilities
  • summarize the key concepts covered in this course
  • Course Number:
    it_spsecpdj_02_enus

    Expertise Level
    Intermediate