English | MP4 | AVC 1280×720 | AAC 48KHz 2ch | 0h 26m | 221 MB
Recent changes in application architecture and technology have sparked new opportunities and ways of working. But with these new advancements come new risks. The Open Web Application Security Project (OWASP) Top 10 list describes the ten biggest vulnerabilities that today’s software developers and organizations face. In this course, Caroline Wong takes a deep dive into the seventh and eighth categories of security vulnerabilities in the OWASP Top 10—cross-site scripting (XSS) and insecure deserialization. Caroline covers how XSS and insecure deserialization work, providing real-world examples that demonstrate how they affect companies and consumers alike. She also shares techniques that can help you prevent these types of attacks.
Table of Contents
Introduction
1 Common software vulnerabilities
Cross-Site Scripting: How Does It Work?
2 General concept
Impact of Cross-Site Scripting
3 Example scenario 1
4 Example scenario 2
Preventing Cross-Site Scripting
5 Enable a content security policy
6 Apply context sensitive encoding
7 Escape untrusted HTTP data
Insecure Deserialization: How Does It Work?
8 General concept
Impact of Insecure Deserialization
9 Example scenario 1
10 Example scenario 2
Preventing Insecure Deserialization
11 Use integrity checks and encrypt
12 Log to detect insecure deserialization
13 Isolate code that deserializes
Conclusion
14 Next steps