Overview
Explore a comprehensive conference talk on the OWASP Top Ten Proactive Controls, delivered by Jim Manico at LASCON in 2013. Dive into fundamental security controls for software development, covering critical categories like Authentication, Access Control, Validation, Encoding, Query Parameterization, and Data Protection. Learn about secure requirements, architecture, and design principles essential for building robust applications. Gain insights on specific topics such as Apache Shiro, Role-Based Access Control, password defense strategies, multifactor authentication, and secure file upload techniques. Discover best practices for preventing cross-site scripting, implementing HTML encoding and sanitization, and utilizing cryptographic storage methods. This 50-minute developer track session provides valuable knowledge for architects and developers committed to incorporating essential security measures in every software project.
Syllabus
Introduction
Apache Shiro
Role-Based Access Control
Password Defense
Credential Specific Salt
Use an HSM
Use Bcrypt
Multifactor
Access Control
Query Parameterization
Ruby on Rails
ColdFusion
Encoding
Cross-site scripting
HTML encoding
HTML input
OAuth HTML sanitizer
Other HTML sanitizers
File upload security
Certificate pinning
Cryptographic storage
Detection
Radio Button
Taught by
LASCON