Time
7 hours 33 minutes
Difficulty
Advanced
CEU/CPE
8

Video Transcription

00:00
Hello and welcome to the Cybrary CompTIA Certified Advanced Security Practitioner Certification Preparation Course.
00:10
This is Module 5, which is titled Host Security Controls.
00:14
These are the learning objectives, which encompass Module 5.
00:18
Let's now turn our attention toward the discussion of application development security.
00:23
This particular section is actually section number two.
00:27
We have only one learning objective.
00:30
Let's begin by taking a look at a pre-assessment question, and the question is as follows. A blank addresses a specific customer situation and often may not be distributed outside that customer's organization. Is it A, a rollup; B, a service pack; C, a patch; or D, a hotfix?
00:51
If you selected D, you're absolutely correct. It is, in fact, a hotfix.
00:56
Now we begin the process of taking a look at application security
01:00
as a future Certified Advanced Security Practitioner. Besides protecting the operating system on the host, there's also a need for you to protect the applications that run on these devices. Now, for the aspects of application security, we have application development security, and then we have application hardening and patch management.
01:19
The first item on our agenda is taking a look at security for these applications, and obviously, as a Certified Advanced Security Practitioner, security must be considered through all phases of the development life cycle. The application configuration baseline, which encompasses a standard environment setting, can extend a secure baseline.
01:37
It includes each development system, build system and test system
01:41
and must include systems as well as network configuration.
01:45
Another area of concern is making sure that we engage in what we call secure coding practices, because when you engage in that process, coding standards are going to increase the application's consistency, reliability and security. Coding standards will also allow developers to quickly understand and work with code
02:04
that has been developed by different members of a team,
02:07
and lastly, coding standards are useful in the code review process. Now, a good example of a coding standard is to use a wrapper function. In other words, a substitute for a regular function, used in testing to add error-checking routines for pre-existing system functions.
02:23
This brings us to error and exception handling. When you think about an error, basically what an error is, it's a fault that occurs when an application is running. Obviously, we look at the response to the user, which should be based on the error. The application should be coded so that each error is caught and effectively handled. Obviously, when you have improper
02:43
error handling in an application, it can ultimately lead to some type of application failure.
02:50
Now, the following may indicate potential error-handling issues: first of all, failure to check return codes or handle exceptions; improper checking of exceptions or return codes; handling all return codes or exceptions in the same manner;
03:04
and error information that divulges potentially sensitive data. Now, there's a process called fuzz testing, and basically it's a software testing technique that literally provides invalid, unexpected or random data as inputs to a program.
03:20
Then we have a term called input validation. Now, input validation is a specific type of error handling. It verifies responses that the user makes to the application. When you engage in what we call improper verification, it can result in, you know, SQL injection or XML injection attacks.
03:39
We have a term called cross-site request forgery.
03:43
This particular type of situation is an attack that uses the user's web browser settings to impersonate the user. So to prevent cross-site scripting, a program should trap for these types of user responses.
03:58
Generally speaking, when we think about input validation, it generally uses a server to perform validation. In this case, we're talking about server-side validation. It is also possible to have the client perform validation, in other words, client-side validation. When you look at client-side validation, all input validation and error recovery procedures are performed
04:17
by the user's web browser.
04:18
Now, obviously, there's an approach to preventing SQL injection attacks that is about using NoSQL databases. NoSQL is a non-relational database that's better tuned for accessing large data sets.
04:31
Another thing that we can do as a future Certified Advanced Security Practitioner: you want to make sure that we ensure that the application is hardened, and the purpose is intended to prevent attackers from exploiting the vulnerabilities. When we think about a vulnerability, it is a weakness in the software or application.
04:49
We also engage in a process called patch management. Until recently, in this case, users were unaware of the existence of patches or where to obtain them. More application patch managers have been developed to, again, patch these various vulnerabilities that become readily apparent.
05:06
Now it's time for the post-assessment question, and the question is as follows.
05:12
Which of the following is not an advantage of secure coding? Is it A, coding standards increase application consistency, reliability and security; B, coding standards allow developers to quickly understand and work through code that has been developed by different members of a team; or C, coding standards are
05:31
useful in the code review process;
05:33
and lastly, D, users can disable or circumvent updates just as they can if their computer is configured to use the vendor's online update service.
05:46
If you selected D, that's absolutely correct.
05:49
Users can disable or circumvent updates just as they can if their computer is configured to use the vendor's online update service.
06:00
For the review: during this presentation, we discussed protecting applications running on your hardware. We discussed creating a configuration baseline as well as secure coding practices.
06:11
This brings us to an upcoming topic, which is titled Section 3, How to Secure Data. I look forward to seeing you in the very next video.


Instructed By

Jim Hollis
Independent Contractor
Instructor