1 hour 57 minutes

Video Description

In the final module in this course we take a look at the source of many of the vulnerabilities that exist in the IT world. Much of the blame can be placed on unsecure software. It's certainly easy to blame developers for this unfortunate state of affairs, but it would be unfair for them to shoulder all the blame. We mention that a large part of the reason that software is unsecure is because designing and creating secure software is typically not a priority. In fact, it's often an afterthought with the emphasis from management to simply ship working product. Topics we'll discuss in the remaining videos are: - Development methodologies - Common software architectures - Monitoring and auditing of software - Adversaries and threat sources - OWASP Top-10 vulnerabilities for web applications - Change management - Assessing vulnerabilities - Databases - Verification and validitation - Secure disposal of software It's a long module, so buckle up! The finish line is in sight.

Video Transcription

already. At long last, we have made it detractor eight. Chapter eight is about software development, security. So when we look at this chapter, obviously we need to take a look at why Software's unsecure in the first place. Because when you think about it,
all of these things that we've talked about up to this point,
whether it's redundancy, confidentiality through encryption or, you know, at firewalls and intrusion detection devices in all of these security elements that are so essential and network
ultimately it all comes back to the fact that they're protecting something that's inherently unsecure
our software. So what we'd ultimately like to be able to do is write secure code, and I know that seems like a novel concept, but that's what we're what we're looking to do. All right, so we'll talk about some development methodology. Some approaches to software development.
We'll look at some cart common architectures, you know, kind of the design on which applications are built.
We'll talk about monitoring and auditing the software. Ah, well, look, att adversaries, where do the threats come from? Who stands to benefit from attacks on our software? And then we're gonna look at, uh, Oh, wasp. That puts out a top 10
list of vulnerabilities, and I think you'll see quite a few questions from this area.
And of course, a WASP focuses on Web applications, and I think it's Ah, certainly good section to really focus on. As far as vulnerabilities go, we'll talk about change management, making sure that as we're developing code, we followed good processes and procedures.
Then we'll look at assessing. The vulnerabilities are coat. Where's the weakness?
You know? Have we validated input? Have we made other common mistakes? All right, so from there we're gonna talk about just the software development processes, and then we're gonna move on to talking about databases. I think that you're going to see a couple questions on databases, and they may just totally be definitions.
Many people, I think, have the experience where
they get a lot of questions on, you know, relational databases. What's a primary key? What's a 40? What's it to full? So we'll go through and certainly hope to define all those terms for you.
Ah will wrap up with verification and validation ultimately, what we're looking for a certification and accreditation that come through verification and validation. And then last but not least, all good things come to an end.
So making sure that we have a secure process for disposing of the software, migrating any data that's necessary also.
So all this is coming up in Chapter eight.

Up Next

Software Development Security

Domain 8 covers understanding, applying, and enforcing software security

Instructed By

Instructor Profile Image
Kelly Handerhan
Senior Instructor