Video Description

This lesson begins with the definition of porous defenses. This category covers weaknesses related to defensive techniques or secure coding practices that are often misused, abused, ignored, or misunderstood by the programmer. Missing Authentication for Critical Function is when a blank or empty password is used to access a database; participants are given sample code that demonstrates this. The unit also discusses and offers samples of CWE-807 (Reliance on Untrusted Inputs in a Security Decision), CWE-250 (Execution with Unnecessary Privileges), CWE-863 (Incorrect Authorization), and CWE-732 (Incorrect Permission Assignment for Critical Resource). Finally, a case study about web app developers placing millions of users at risk is presented, citing a case in which German security researchers discovered 56 million data records lying unprotected in cloud back-end databases.

Course Modules

Secure Coding