
Improve Your SDLC with CAPEC and CWE

LASCON via YouTube

Overview

Learn how to enhance your Software Development Life Cycle (SDLC) using Common Attack Pattern Enumeration and Classification (CAPEC) and Common Weakness Enumeration (CWE) in this 35-minute conference talk by Ryan Stinson from KCG at LASCON 2012. Explore threat modeling techniques, examine CWE examples, and understand the relationships between CAPEC attack patterns and CWE weaknesses. Discover how to put SDLC tools into action across the requirements analysis, design, development, and testing stages. Gain insights from an application penetration test, walking through the anatomy of an attack and common weaknesses in input validation, error handling, SQL injection, access control, and local file inclusion. Conclude with lessons learned for improving your overall software security practices.

Syllabus

Introductions
CAPEC
Threat Modeling: Client-specific
CWE Example
Relationships
Putting SDLC Tools into Action
Requirements Analysis
Design Considerations
Development
Testing
Overview: Application Penetration Test
Anatomy of an attack
Input Validation: Proper handling of user input?
KCG Error Handling: Too Much Information
SQL Injection: Can I get to the data?
Full Compromise: There goes my data...
Access Control: How deep do I go?
Local File Inclusion
Lessons Learned

Taught by

LASCON
