Part 1 Intro

Video Activity

In this training video, participants are introduced to their instructor and also learn about the objectives of the course. The Secure Coding course covers the following: • Lab Tools, vulnerable web apps OWASP Top 10 for 2013 • SANS Top 25 for 2011 • Active Defenses • Threat Modelling The instructor also offers reasons for why it is important to lea...

Join over 3 million cybersecurity professionals advancing their career
Sign up with
or

Already have an account? Sign In »

Time
9 hours 31 minutes
Difficulty
Intermediate
CEU/CPE
10
Video Description

In this training video, participants are introduced to their instructor and also learn about the objectives of the course. The Secure Coding course covers the following: • Lab Tools, vulnerable web apps OWASP Top 10 for 2013 • SANS Top 25 for 2011 • Active Defenses • Threat Modelling The instructor also offers reasons for why it is important to learn about secure coding: • Protection of applications • Protection of Intellectual property • Protection of Business Reputation • Government mandates (eg PCI_DSS/PA-DSS) Finally, she also discusses about how secure coding is important when it comes to lowering risk and vulnerabilities.

Video Transcription
00:04
Hello and welcome to the cyber Eri I t secure coding course my name Miss anywhere. And we will be going on this journey together learning about secure coding techniques as well as how the attacks are done
00:22
and the appropriate mitigations and counter measures that we can put into our application code. So our agenda for this course is first, there'll be this introduction, which is what you're watching. Now
00:35
we're gonna have some additional videos that go through the lab, set up
00:39
some demonstration about some tools that we're gonna use, and then a very short description of the vulnerable Web applications will be using.
00:49
We will be covering owe us top 10 for 2013 and we're gonna be spending a lot of time in those categories.
00:58
Likewise, were going to cover the sands top 25 items,
01:03
particularly the areas that are not covered in a wasp.
01:07
Well, briefly look at some active defense techniques and then we'll finish up the course with some threat modeling.
01:15
Now first, just to let you know a little bit of background about myself. I come from a programming an architectural background for over the past 20 years.
01:26
I also author, several security books, one of the books you could actually uses a textbook to complement the material that we're gonna be going through in this class.
01:38
The title of the book is Secure coding Field manual, and it is veiled. Want Amazon?
01:44
If you would like to contact me, you can reach me at my Twitter account. That's anywhere.
01:49
So why should we learn secure coding in the first place? Well, obviously, we know that we need to protect our applications,
01:57
which of course, contains our intellectual property.
02:00
And there are many, many reasons why we can get into protecting those applications
02:07
anything from business reputation to basically making sure that our company stays in business, that we have our jobs.
02:15
And then, of course, there are government mandates, in particular regulations that are now requiring organizations to provide secure code training to their developers.
02:24
So what exactly are the risks that we're trying to address is we cover this material
02:30
mainly Internet show. We're trying to address exploitable code. Now explainable code could be the result of various things. Two of the main areas would be defects or malware. Obviously, defects are unintended.
02:46
These are programming bugs
02:47
that programmers do and inadvertently create exposure points inside of their code. And then, of course, malware would be that intentional vulnerability, something injected into the code to make it explainable. So what exactly are we going to cover?
03:06
We will cover the OSS top 10 for 2013. We will also cover the C W E Sands Top 25 for 2011.
03:15
Now, as we go through each section,
03:17
there will be case studies that will talk about
03:21
Also, there's gonna be lots of demos of the exploits, and mitigations will try to show you some code for the mitigations as we go through those.
03:30
And then each module will have a hands on lab where you actually need to perform the exploit against a vulnerable Web application.
03:43
Now we might be using burp sweet quite a bit. There also, some browser embedded plug ins that will be using or that you can use if you feel more comfortable.
03:53
Also, we're going to cover some of the certain secure coding standards. Now there are tons of these, and so I've only picked out a handful to Sprinkle in with our material, basically to provide some additional clarification and then we'll go into some threat modeling.
04:12
So the S top 10 for 2013 we're going to go through this list extensively and then the sands C W E top 25.
04:20
Basically, we are going to cover all of the categories that are not previously covered in the O R section,
04:30
so I'm listing them out here for your viewing. But realize will go into each one of these in depth
04:35
in our material.
04:39
Now there are three main categories that I've broken the material up for the sands top 25 into
04:46
the The categories include insecure interaction between components, risky resource management and porous defenses.
04:53
If we were to take a look a definition for each one of those, we can see that insecure interaction between components
05:00
is exactly that. Well, you've got some sort of weakness that can occur
05:05
during the exchange of information or data or in the interaction of components or modules or programs together. Risky resource management
05:16
has to do with the handling of your system. Resource is, and some sort of week
05:21
or risky manner
05:26
now porous defenses. This is where we have programmers that actually do put some sort of defense of technique in place, but unfortunately it's not done correctly or it's misunderstood.
05:39
If you were to try to compare the two list together, you would realize just how huge the C W E Sands listing is. They have over some 700 vulnerabilities,
05:50
our software errors identified and oh, hospice,
05:55
just a very small subset of those errors. And then certain, of course, this is what I have sprinkled into the content
06:03
covers all of these major languages,
06:06
uh, and is
06:09
is thick with a lot of details.
06:12
Please go out to their website in. Have a look if you see a language here
06:18
that you code in.
06:20
So from this point, I would like to direct you to go ahead and start watching the videos that help you through your lab set up.
06:29
Then I have a video on a brief explanation of what burp suite is.
06:33
And then I have a short video on how you can start up Mattila Day inside of the V M that's available for the course
Up Next
Secure Coding

In the Secure Coding training course, Sunny Wear will show you how secure coding is important when it comes to lowering risk and vulnerabilities. Learn about XSS, Direct Object Reference, Data Exposure, Buffer Overflows, & Resource Management.

Instructed By