From the course: Complete Guide to Application Security
Secure by design
- [Narrator] Insecure design is another significant risk with far-reaching implications. Think of it like this. A car with no brakes might get you down the road, but you're going to wish the designers had considered installing brakes the first time someone cuts you off in traffic, and that's the core idea behind insecure design. The application might function, but it will be inherently vulnerable to attacks. To illustrate the breadth of this issue, insecure design encompasses a whopping 40 CWEs. One of the things I really dig about this one is the callout from the project team to move beyond shift-left in the coding space and pre-code activities. Pre-code. That means we're working on security together before a single line of code has been written. That's just wild, and this is a major culture shift. We need to bake security into the design itself. Here's how you can expand this culture shift throughout your own organization. Start by performing threat modeling. This is crucial. Get…
Contents
- OWASP Top 10: The most critical risks (3m 29s)
- Broken access control (6m 47s)
- Demo: Implementing strong access controls (5m 10s)
- Injection attacks (5m 7s)
- Demo: SQL injection attack and mitigation (9m 49s)
- Configuration security (5m 39s)
- Secure by design (6m 32s)