Explore the path to developing secure software in this 46-minute conference talk from Devoxx. Delve into proactive security controls and techniques that developers can incorporate throughout the software development lifecycle to defend against cyber attacks at the application layer. Learn how to implement security best practices while writing code, with real-world examples addressing prevalent internet security issues. Discover the OWASP Top 10 Risks, Application Security Verification Standard, and strategies for early and frequent security verification. Master techniques such as query parameterization, output encoding, input validation, and secure authentication controls. Gain insights on implementing appropriate access controls, logging, intrusion detection, and managing third-party components securely. Benefit from the expertise of Katy Anton, a security professional with a software development background and OWASP Top Ten Proactive Controls project leader, as she guides developers towards building more resilient applications.
Overview
Syllabus
Intro
OWASP Top 10 Risks 2017 - RC2
Cyber attacks
OWASP Application Security Verification Standard
Verify for Security Early and Often
Parameterize Queries
XSS Payloads
Encode Your Output DO YOU WANT RSS
Contextual Encoding OWASP Java Encoder Project
Example of Validations
2nd Order SQL Injection Example
Vulnerabilities Addressed - All Top10!
Implement Authentication Controls
Strong cryptographic algorithms
Secure Password Storage
C5. Password Storage - How Not To Do It!
Implement Appropriate Access Controls
Implement Logging and Intrusion Detection
Examples of Intrusion Detection Points
Vulnerabilities Addressed - All Top 10!
Unmanaged 3rd Party Components
Design Patterns for Integration
Best Practices
Don't leak information
Project Page
Taught by
Devoxx
