Time
35 hours 10 minutes
Difficulty
Advanced
CEU/CPE
8

Video Transcription

00:00
Greetings and welcome back the Siberia's cop Tia, certified of band security practice. Nous certification.
00:07
Preparation course.
00:09
We're gonna continue our discussion off marginal of six.
00:13
We're just tired of secure development.
00:15
These are objectives which encompasses this particular margin. Number six.
00:19
However, we can continue. Folks are teachable, Understand? With promise for software development,
00:25
in fact,
00:26
is titled Section two. We're gonna continue on with our discussion off section two of this particular Marshall.
00:37
But before we get going any further in this course freely the first or take a look at this pre assessment question. In fact, this is a true in fault or false statement and the statement is as follows
00:49
Farts tested is a type of testing. Were automatic or semiautomatic testing techniques. Are youse discover courting errors and security, new polls and software
00:59
operating system on networks by inputting imbalance or ran in medical fuzz to the system.
01:06
Is that true or false?
01:08
If you said let the true you're absolutely correct, the statements absolutely correct in regards to
01:14
I was testing.
01:18
If you call in the previous video, we actually began the process of Internet video by actually discussing secure coding practices and so these are some of the things I want you to be be considered as takeaways from the previous video.
01:30
One of things will always keep in mind. Do not leave security until the end of development,
01:36
because security should be an intricate part of the entire process. Because always as a future certified advance security practiced ER, you must consider the motive for the attack,
01:47
and the reality is no one is safe.
01:49
So what, in fact, our secure code status there secure code status or rules and guidelines use of event security vulnerabilities, use effectively, secure code and practice. What they're doing, in fact, may prevent they detect and eliminate errors that could compromise your software security.
02:07
Then we come to a session management. Such a magic tax occur when attacker breaks into your Web applications. Such a management mechanism to bypass the authentication controls and spook the Valent user to take next tip of you. They use a session token prediction,
02:23
or they use the session token snipping and tamping.
02:28
We come to term call first testing basic. The type of testing where you have automated are similar automated testing techniques. They're used to discover coding errors and security loopholes in your software operating system and so forth. The system is mont for various exceptions, such as crashing down, off the system off failing,
02:47
built in cold and et cetera.
02:50
So how do we do funds testing? It's simple. We have six steps we need to mention here. First, all you identify the target system.
02:57
You wanna identify inputs. Step three. Generate fuzz data. Step three executed the test using fuzzy data.
03:06
Step five. Monitor your system Behavior and last Thing Law. The Defects. Some examples off buzzes buzzes, mutation based fathers, and you have generation based type puzzles
03:21
and somewhere engineering's first test and shows the presence of bugs in an application. Fuzzy cannot guarantee to take the books completely in an application, but by using this technique, it ensures the application is robust and secure, as its technique helps to expose most of the common vulnerabilities.
03:40
Then we come to security assessment and penetration testing method. These are other method we can you lies to what? To ensure or reduce again on mitigate the potentially for again opposite dealing with the Attackers and so forth.
03:54
So we wanna have we're gonna engage in what we call security audits are very viable to reuse. We're gonna also engage what we call vulnerable assessment as well as penetration testing.
04:06
Let's not turn our teaching or discussing off post assessment question for this Section two.
04:13
And the question is as follows.
04:15
When is the founder acceptance? Testing used to perform is a prototype face be implementation phase see development face or D creation phase.
04:27
If you selected the implementation face, you're absolutely correct.
04:31
During the course of this particular presentation, we discuss the importance of secure coding standards. We learned that his rules and guidelines that used to prevent security vulnerabilities. We also discuss fuss testing, and we learned that it's a type of testing where automated or similar, automated testing techniques they use discovering coding errors
04:51
and security loopholes in your software
04:54
you're operates his own network by inputting invalid or random data. Call fuzz
04:59
to the system
05:00
in our upcoming presentation will be taken. Look at a key takeaway from this particular margin. Almost six.
05:08
I look forward to seeing you in a very Lexx video

Up Next

CompTIA CASP+

In this CASP+ certification course, you will learn all of the domains and concepts associated with the CompTIA Advanced Security Practitioner CAS-003 CASP+ Exam. Through this course you will be fully prepared to sit for your CompTIA CASP+ Exam!

Instructed By

Instructor Profile Image
Jim Hollis
Independent Contractor
Instructor