Time: 1 hour 27 minutes
Difficulty: Intermediate
CEU/CPE: 2

Video Transcription

00:00
Hello. My name is Ayokunle, and I happily welcome you to the overview of secure coding.
00:05
Good coding practice number one: prefer obviously no flaws rather than no obvious flaws. We understand that writing secure code is not necessarily easy. It's a lot of work. So that's why, even today, you still see flaws all over the place. So my advice:
00:21
design and write code that does not necessarily require clever logic to be secure.
00:27
Simple. Now number two: design APIs to avoid security concerns. It is better to design APIs with security in mind right from the outset, rather than waiting until after the application has been fully built and then trying to retrofit security into it.
00:43
In that case, it's going to be more difficult and error-prone. So design your APIs to avoid security concerns
00:50
right from the outset. Number three: avoid duplication of both code and data here and there, because duplication of code and data actually causes many problems. Both code and data tend not to be treated consistently when duplicated. Avoid such duplication, because when you make changes, they may not be applied to all the copies. So
01:08
duplication
01:10
should be avoided. Now number four: restrict privileges. Despite our best efforts, not all flaws will be eliminated; that is certain, even in well-reviewed code. However, if the code is operating with reduced privileges,
01:23
then exploitation of any flaws is likely to be thwarted. So it simply means that I should stick to what we call the principle of least privilege:
01:30
give me only the privilege I need to do my work, not any more. So restrict privileges; that is number four. Now number five: establish trust boundaries. In order to ensure that a system is protected, it is necessary to establish trust boundaries. This is an example of a trust boundary here. Here we have
01:51
what we call the web browser, and this is the server.
01:55
The web browser is going to send requests to the server. Now, what I am saying is, here you have what we call the trust boundary. Whatever comes out of the web browser as a request must be checked at this boundary before it eventually gets to the server. And again, whatever comes back from the server as a response,
02:14
so whatever response the server gives, must be checked by this, I'm sorry, by this boundary
02:19
before it eventually gets to the web browser. The implementation that actually does the check at the boundary should be carefully reviewed. So it is very, very important that data crossing the boundaries should be sanitized and validated before use. This is the boundary. So the data coming from the browser, passing through it, must be sanitized and validated.
02:38
Responses coming from the server
02:42
passing through this boundary must also be sanitized and validated. So this is what we call the trust boundary. When establishing it in the application, the code that acts at this trust boundary must also be properly reviewed, to avoid problems here and there. Now let's take a look at number six:
03:00
minimize the number of permission checks.
03:02
Perform security checks at a few defined points, then return a capability that the client code retains, so that no further permission checks are required. What we are trying to talk about is just like a session:
03:15
keep your security checks in the session and do that only at defined points. You don't have to keep doing that all the time.
03:23
When the user or the application needs to access some other part of the application, it is just like an internal single sign-on in this case. So minimize the number of permission checks. You don't have to carry out permission checks at all points; it even reduces the velocity of the application. So it is better to minimize the number of permission checks
03:43
all over the application.
03:45
Number seven here is encapsulate.
03:47
Allocate behaviors and provide succinct interfaces. Fields of objects should be private. Yes, your variables, a lot of variables, should be private, and accessors should be avoided. So the interface of a method, class, package and module should form a coherent set of behaviors, and nothing more.
04:08
Now, last but not least, number eight: document security-related information. API documentation should actually cover security-related information; everything that is security related should be properly documented, including the required permissions, security-related exceptions, caller sensitivity and any preconditions or postconditions
04:28
that are relevant to security.
04:30
Documenting this information in comments for a tool can also help ensure that it is kept up to date. These are the references I have used so far for this course, the sites I consulted, including tutorialspoint.com and others.
04:47
Many thanks to them. So, in this tutorial you have seen how to secure your code to frustrate attackers. Yes.
04:54
Even if they come up with an exploit, I am sure that the controls in place will stop that, as I have said. So you have seen what the do's and don'ts are for secure code. Now you know the secrets. I am still an advisor: innovate wisely, and wisdom pays back. And then, unfortunately, I'm a coder, a man of round brackets,
05:14
so if you have any questions, send them to me at a march at yahoo dot com, or you can simply connect with me on LinkedIn;
05:20
you can drop me a message. That is it.

Secure Coding Fundamentals

In Secure Coding Fundamentals, Ayokunle Olaniyi takes you through the best coding practices, which ensure that the applications developed as a result stick to the CIA triad and are not riddled with the OWASP Top 10 vulnerabilities. Various aspects of code security and risk assessments across the OWASP Top 10 are discussed, along with the preventive measures.

Instructed by: Ayokunle Olaniyi, Instructor