Explore a conference talk from AppSec California 2016 that delves into preventing security bugs through software design. Learn how to shift the burden of security from developers to API designers by creating constrained yet expressive APIs that make it nearly impossible to write vulnerable code. Discover designs for injection-proof SQL query APIs and XSS-proof HTML rendering APIs, combined with machine-checked coding guidelines. Gain insights from Google's successful implementation of these approaches, which have significantly reduced security vulnerabilities in their flagship projects. Understand the limitations of traditional security measures and the potential of innovative API design in addressing common application-level security defects like SQL Injection and Cross-Site Scripting.
Preventing Security Bugs through Software Design
Overview
Syllabus
Intro
Injection
Crosssite scripting
Adhoc concatenation
Safe templates
Practical application
API design
Type contract
Practicality
Exceptions
Type errors
Reviewability
Questions
Taught by
OWASP Foundation
Related Courses
-
Exploiting and Securing Vulnerabilities in Java Applications
-
Application Security for Developers
-
Identifying Web Attacks Through Logs
-
Securing Software's Future: Why API Design Matters
-
Defending Against Cross-Site Scripting (XSS) Vulnerabilities
-
The Path of Secure Software Development - AppSec EU 2017
