Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Preventing Security Bugs through Software Design

OWASP Foundation via YouTube

Overview

Explore a conference talk from AppSec California 2016 that delves into preventing security bugs through software design. Learn how to shift the burden of security from developers to API designers by creating constrained yet expressive APIs that make it nearly impossible to write vulnerable code. Discover designs for injection-proof SQL query APIs and XSS-proof HTML rendering APIs, combined with machine-checked coding guidelines. Gain insights from Google's successful implementation of these approaches, which have significantly reduced security vulnerabilities in their flagship projects. Understand the limitations of traditional security measures and the potential of innovative API design in addressing common application-level security defects like SQL Injection and Cross-Site Scripting.

Syllabus

Intro
Injection
Crosssite scripting
Adhoc concatenation
Safe templates
Practical application
API design
Type contract
Practicality
Exceptions
Type errors
Reviewability
Questions

Taught by

OWASP Foundation

Reviews

Start your review of Preventing Security Bugs through Software Design

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.