Explore the OWASP Top 10 Proactive Controls in this 47-minute conference talk from LASCON 2014. Learn essential secure coding techniques for web application development across all tiers, including user interface, business logic, controller, and database code. Discover the importance of parameterized queries, data encoding, input validation, access controls, authentication, data protection, logging, error handling, intrusion detection, and leveraging security frameworks. Gain insights on implementing security-specific requirements and designing security into your applications from the start. Delve into topics such as SQL injection prevention, HTML sanitization, password security, SSL, certificate pinning, and threat modeling. Presented by Jim Manico, author and educator, this talk provides developers with practical knowledge to enhance the security of their software projects.
Overview
Syllabus
Intro
Top 10
Get sequel injection
Encoding and escaping
Input validation
HTML sanitizer
Policy
Access Control
Data Driven
Passwords
Algorithms
Multifactor
Forgot Password
SSL
Certificate pinning
Experimental headers
Intrusion Detection
Frameworks
Security Requirements
Threat Modeling
Trusting Info
No sequel databases
Taught by
LASCON
Related Courses
-
OWASP Top Ten Proactive Controls
-
Top Ten Proactive Controls for Secure Software Development
-
OWASP 2014 Top 10 Proactive Web Application Controls
-
OWASP Top Ten Proactive Controls for Secure Web Development
-
The OWASP Top Ten Proactive Controls 2018
-
The Path of Secure Software Development - AppSec EU 2017
