Integrating Software Applications Part 1

Video Transcription
00:00
>> Integrating software applications, part 1.
00:00
The learning objectives for this lesson are
00:00
to describe secure coding and design patterns,
00:00
describe software assurance concepts,
00:00
and to differentiate
00:00
various software components in integration.
00:00
Let's get started. Let's go
00:00
over some of the different parts
00:00
and components of web technology.
00:00
First, we have web servers,
00:00
Microsoft Internet Information Server or IIS,
00:00
Apache, NGINX and WordPress.
00:00
Then we have database software,
00:00
MariaDB, PostgreSQL,
00:00
and Microsoft SQL,
00:00
next we have web development frameworks,
00:00
Ruby on Rails, Angular, and Django,
00:00
then we have markup languages,
00:00
XML, CSS, HTML, and JSON,
00:00
and finally we have
00:00
the actual programming languages, Python,
00:00
Ruby, Perl, C#, Java, JavaScript, and .NET.
00:00
Secure coding standards.
00:00
Secure coding standards are similar to templates,
00:00
and they allow for
00:00
a structured approach to creating secure applications.
00:00
The goal was to prevent coding vulnerabilities from being
00:00
introduced into your actual code.
00:00
This also reduces the upfront costs
00:00
by preventing the vulnerabilities
00:00
rather than having to fix
00:00
them after you've released a product.
00:00
Here are some sources for secure coding standards.
00:00
The first is Carnegie
00:00
Mellon Software Engineering Institute,
00:00
and the second is OWASP Secure Coding
00:00
Practices Quick Reference Guide.
00:00
Also don't forget the links are in
00:00
the supplemental material for this course.
00:00
Here are some examples from OWASP, input validation,
00:00
authentication and password management,
00:00
session management, database security,
00:00
file management, and memory management.
00:00
These are areas that programmers need to
00:00
take special care with when they're
00:00
creating their applications because this
00:00
is where the most common vulnerabilities occur.
00:00
These are very common attack vectors
00:00
and they're well-known, and because of that,
00:00
there have been many vulnerabilities
00:00
discovered in many different products across the web.
00:00
If you'd like a more detailed explanation
00:00
of any of these from the OWASP Top 10,
00:00
you can check out Cybrary's series on OWASP Top 10.
00:00
Secure design patterns.
00:00
These are a template for a general solution for
00:00
a security issue that can be
00:00
utilized in different situations.
00:00
For example, you may need something that
00:00
covers federated identities,
00:00
and by using this,
00:00
you can ensure that
00:00
your federated identity matches up to secured standards.
00:00
These can be plug and play,
00:00
you drop one in and use that to ensure
00:00
that you're at best practices for
00:00
that particular component of your app.
00:00
They cover wide-ranging parts
00:00
of programming components such
00:00
as identity and access management,
00:00
federated identities, cryptography,
00:00
public-facing websites, and many others.
00:00
Let's talk about the concerns
00:00
we might have with integration.
00:00
First, we have container APIs.
00:00
These extend the capabilities
00:00
of containerized applications.
00:00
Then we have API Management.
00:00
APIs are often targets of attackers,
00:00
and because of that,
00:00
we have to take special care
00:00
to make sure they're protected
00:00
and that they're documented.
00:00
We also have Middleware.
00:00
These are software applications that are designed
00:00
to be integrated between two systems.
00:00
When you're looking for a new application,
00:00
you go through an application vetting process.
00:00
The first step is to not assume that the software was
00:00
created in a secure manner
00:00
and is free of vulnerabilities.
00:00
Before you implement any software in your organization,
00:00
in a production environment,
00:00
you have to test it, and testing should validate
00:00
all of your security requirements
00:00
for the organization before you implement it.
00:00
Let's summarize what we went over in this video.
00:00
We went over the different types of web technologies.
00:00
We discussed secure coding standards
00:00
and the application vetting process.
00:00
We also went over secure design patterns
00:00
and software used in integrations.
00:00
Let's go over some example questions.
00:00
Question 1, what is the process of ensuring that
00:00
a deployed application meets
00:00
security standards for an organization?
00:00
Application vetting process. Question 2,
00:00
what is the type of software that is
00:00
designed to integrate two systems together?
00:00
Middleware. Question 3,
00:00
blank are templates for
00:00
general solutions for
00:00
security problems that can be used in
00:00
software design. Secure design patterns.
00:00
Finally, question 4,
00:00
these are templates that offer a structured approach to
00:00
coding to prevent the introduction
00:00
of security vulnerabilities.
00:00
Secure coding standards.
00:00
I hope that lesson was helpful to
00:00
you and I'll see you in the next one.