Overview
Syllabus
Intro
OWASP Top 10 Risks 2017 - RC2
Cyber attacks
OWASP Application Security Verification Standard
Verify for Security Early and Often
Parameterize Queries
XSS Payloads
Encode Your Output
Contextual Encoding OWASP Java Encoder Project
Example of Validations
2nd Order SQL Injection Example
Vulnerabilities Addressed - All Top 10!
Implement Authentication Controls
Strong cryptographic algorithms
Secure Password Storage
C5. Password Storage - How Not To Do It!
Implement Appropriate Access Controls
Implement Logging and Intrusion Detection
Examples of Intrusion Detection Points
Vulnerabilities Addressed - All Top 10!
Unmanaged 3rd Party Components
Design Patterns for Integration
Best Practices
Don't leak information
Project Page
Taught by
Devoxx