Time
1 hour 27 minutes
Difficulty
Intermediate
CEU/CPE
2

Video Transcription

00:00
Hello. My name is Ayokunle Olaniyi, and welcome to the overview of Secure Coding.
00:05
You are probably wondering why you should take this course. If you are a programmer who wants to develop secure applications, or you develop applications, or you are a penetration tester who tests for vulnerabilities in code, or you are just an auditor who assesses systems for security compliance, this is the right spot for you.
00:23
To get the best out of this course, you need some prior coding experience
00:27
in any programming language of your choice, which could be Java or C#. You need an understanding of SQL or its variants, which would be MySQL, PostgreSQL or SQL Server. You need an understanding of web application architecture, especially the MVC pattern.
00:44
Also, you need a basic understanding of IT security. For this video you need an integrated development environment for coding, like NetBeans or Eclipse. You need GlassFish Server or Apache Tomcat, which is going to serve as a servlet container or application server.
01:00
You need MySQL, which is going to serve as the database
01:04
server. You need the MySQL JDBC connector, which is going to allow connectivity between your Java apps and the backend database. You need the JDK, which is the Java Development Kit, and the JRE, the Java Runtime Environment. They are going to provide the resources necessary for you to build and run your Java apps.
01:23
Once again, I am Ayokunle Olaniyi.
01:25
I am certified as an IT security professional and am a professional member of the British Computer Society.
01:34
From 2000 to date I have been in web application development of all sorts, and I have trained on international standards in security courses for government, defence and private businesses.
01:47
I have also trained on international standards, and I hold a degree in Computer Science.
01:55
I am an approachable person; you can connect with me on LinkedIn or simply email me. At the end of the course, you will understand secure coding and its defence mechanisms, and write code with the least number of bugs possible.
02:09
Most importantly, you will adopt good programming practices that build security into the basic development process.
02:15
This course is for you if you are an application developer, an application tester or an application designer, or even if you are just a student willing to learn how to write defensive code,
02:25
because it is being delivered in two episodes. Episode one is the overview of secure coding, while episode two is going to run us through the OWASP Top 10 vulnerabilities. Maybe not everything, but a good number of them.
02:39
So let's get started
02:42
now. In episode one, we are going to begin with an introduction to secure coding principles, then security, assets, vulnerabilities and the risks in insecure code. So,
02:53
secure coding in itself is a fundamental practice that prevents attacks by hackers like the black hats, the white hats and the grey hats. What is the difference between the black hats, the white hats and the grey hats? The black hat does not have a good intention. He just wants to attack
03:10
from outside and break into the organization, into the
03:14
applications in the organization.
03:17
He does not have a good intention; his mission is just to come in and steal. Then what about the white hat? The white hat is actually a member of staff of the organization who has the responsibility of testing applications for vulnerabilities. What about the grey hat?
03:35
He is probably an external consultant who is hired to help test the applications,
03:39
um,
03:42
and check for vulnerabilities in them. So
03:46
secure coding prevents all these hackers from gaining unauthorized and unintended access to the application and its resources, especially the data. The database is not the only resource; apart from the database there are
04:00
the passwords, the file system, the folders and some other important resources all over the computing environment. So secure coding is a measure that prevents them. It can also remedy attacks that have previously
04:15
taken place, so secure coding will prevent them or correct the breaches, so to speak.
04:20
Secure coding is a preventive control or a corrective control. Now, generally, when we look at security principles: IT security is a broad field
04:33
that encompasses operating system security, network security, application security and database security. So secure coding is part of application security, and as I was saying, secure coding is a subset of IT security. Now IT security ultimately means what we call the security triad, and that is confidentiality,
04:54
integrity and availability. So secure coding, which is a subset of IT security, also strives
05:00
to achieve these three fundamental things: confidentiality, integrity and availability. So what is confidentiality? It is about the secrecy of critical information. There are some kinds of information that you do not want all the members of the organization to know about, and there are some that you do not want outsiders to know. Maybe that is why
05:20
there are different types of classifications for information.
05:25
Some snippets of information can be classified as internal, some can be classified as public, and some can be classified as confidential. So the secrecy of such information is what we call confidentiality. It helps us to determine who should
05:41
and who should not know about the information, and that leads us to access control.
05:45
So this is what we call access control, because it specifies those who should have access and can have access, not those who can have access but should not. Because if you look at those who can have access,
05:58
external penetration testers or black hats can get access but should not have access. But those who should have access are the legitimate users: they should have access and can have access. So like I said, that is access control. If you properly implement access control, I can assure you that confidentiality is assured. The next thing to be assured
06:16
is integrity. What is integrity? It is about accuracy and reliability.
06:20
A hacker can actually come in and corrupt the data. That is why we call it data corruption, because it simply means the data will no longer be what it used to be. In this case, integrity is defeated. So secure coding prevents anyone who comes in from manipulating the code to make changes in the database.
06:38
Now availability. Availability is about authorized users being able to access our data and assets when they need them. So secure coding prevents legitimate users from being locked out, thereby giving them access to critical resources. Now a very good example of an availability breach is
06:55
what we call a denial of service, DoS.
06:58
Now in DoS, a hacker can manipulate your application to send several unnecessary requests to the server. In that case, they overwhelm the capability of the server by sending millions of such requests to it. That is when the server crashes and it becomes incapable of serving legitimate users.
07:16
So, in this case, legitimate users cannot get access to the server.
07:19
Secure coding will try to prevent such availability breaches. Now, why do we even need to carry out secure coding? What is the essence of secure coding? The essence of secure coding is to protect our assets from being damaged or attacked. So what exactly is an asset? An asset is anything that has value to you.
07:39
Your shirt is your asset, your car is an asset, because they all have value to you. Now the most valuable asset to our organization, apart from you, might be our data.
07:48
Data is very, very crucial to us. So an application is also an asset,
07:55
because it is of importance to us; it has value to us. Although it is intangible, there are also tangible assets. A very good example of a tangible asset is the important documents in your office. So it simply means an asset can be tangible or intangible.
08:13
So, apart from all of these, other assets that can be attacked if your code is insecure
08:18
are source code, databases and documents. Now let's take a look at what weaknesses in our code are called: vulnerabilities. I am going to take you through some of them in this course. Then
08:33
in subsequent modules, the most common vulnerabilities in the OWASP Top 10 will be discussed, which include injection, security misconfiguration and so on. I am going to mention the rest of them as we move into the rest of the module.
08:52
Now, risk assessment. We are supposed to assess the level of risk
08:56
in our code. So you have to adopt secure coding practices to reduce such risks. As you can see, risk simply means likelihood multiplied by impact. In some cases you can use plus
09:09
as your arithmetic operator, or you can use minus. Just ensure that whatever you use in one place is consistent across the board. For example, if likelihood is two
09:18
and impact is a 2000 USD loss, then the risk would be two times 2000, and that is 4000. So it means that we are probably going to lose 4000 USD. So let's take a look at the risk assessment provided in this document.
09:37
So we got to see that
09:39
we have a column for all the assets. For example, our core banking app is vulnerable to injection. On a scale of 1 to 5, I give it five, because that is where our hackers target, because they know they can make a lot of money from there. So the likelihood of such I give five. Now confidentiality:
09:58
I give it five because
10:01
customer data are actually on the core banking app, so confidentiality is at stake. What about integrity? I give it a five too, because integrity can be seriously breached. But then what about availability? Once the core banking app is down, there is going to be commotion, so I give it a five.
10:20
That is the level of severity.
10:22
Now, if you look at it, the likelihood is five. If you find the average of the impact, you know the formula for risk is likelihood multiplied by impact. If you find
10:33
the average of 5, 5 and 5, that is 15, so 15 divided by three gives us five.
10:41
So likelihood five times impact, which is five, gives us twenty-five. Asset management: for the asset management app, for injection I give it a one, because the likelihood of an asset management application being affected is very low. So I give it a one.
10:58
You can see the impact: I give it a two, a four and a three. You add the three of them together,
11:03
you get nine. So nine divided by three gives us three. So one times three is actually three. Now the same thing is applicable to the others. Now let's take a look at the risks here: we have twenty-five, three and the third one. Twenty-five is going to rank first, because it looks like the riskiest of all the applications.
11:20
Now the second one is the next application.
11:24
I give that second place, and the third one has three, and that is why it is third. So if you are going to be asked which one of them is more critical, it is the core banking app, and that has to be properly and securely coded. So apart from that,
11:41
we have these questions for you to answer. The first one is: the basic three triads of security are
11:50
confidentiality, integrity and availability, or one of the other combinations listed. Which of the following is a formula for risk: likelihood multiplied by probability, probability multiplied by likelihood, or likelihood times impact? So which would you choose? You can see
12:09
confidentiality, integrity and availability is the answer,
12:13
and likelihood times impact, like I told you, is the accepted formula for risk. So basically, we have looked at the definition of secure coding. We have looked at the principles of security, the CIA.
12:26
We have looked at the essence of secure coding. We have considered vulnerabilities and OWASP, whose Top 10 we are going to look at later in this course.
12:35
I have been able to define vulnerabilities, and I have told you that risk equals likelihood multiplied by the impact.

Up Next

Secure Coding Fundamentals

In Secure Coding Fundamentals, Ayokunle Olaniyi takes you through the best coding practices, which ensure that the applications developed as a result stick to the CIA triad and are not riddled with the OWASP Top 10. Various aspects of code security and risk assessments across the OWASP Top 10 are discussed along with the preventive measures.

Instructed By

Ayokunle Olaniyi
Instructor