OWASP 2014 Top 10 Proactive Web Application Controls

via YouTube

Overview

This conference talk by Jason Montgomery, recorded at the Central Ohio Infosec 2015 conference, walks through OWASP's 2014 Top 10 Proactive Web Application Controls. It covers SQL injection with a worked example and its parameterized-query solution, cross-site scripting (XSS) defenses broken down by output context (HTML body, HTML attribute, GET parameter, URL, JavaScript variable, JSON) along with DOM-based XSS and the encoding libraries and tools that support them, and input validation techniques including regular expressions and file upload validation. It then turns to access control, using the Apache Shiro security framework as the working example, and closes with password storage and policy guidance (why a plain hash is no longer adequate) and the Universal 2nd Factor (U2F) protocol.

Syllabus

Intro
SQL Injection Attack - Example
SQL Injection Attack - Solution
Parameterization References
Anatomy of an XSS Attack
Context Matters!
XSS Defense by Data Type and Context
HTML Body Context
HTML Attribute Context
HTTP GET Parameter Context
URL Context
JavaScript Variable Context
JSON Parsing Context
DOM-Based XSS Defense
Encoding Libraries
Encode Data Tools
Regular Expressions
Validating File Uploads
Input Validation References
Input Validation Tools
CWE "Monster Mitigations"
Conclusion: Ask Two Questions
Apache Shiro Architecture
Code to the Activity with Shiro
Access Control in the Browser
Access Controls References
Access Controls Tools
The Basic Hash is Dead
Password Guidance 3a
Password Guidance 3b
Password Policy
Universal 2nd Factor (U2F) protocol
