Video description
It’s an unfortunate truism that many good developers are bad at software security. They cling to the belief that security is something you can just buy and bolt on, but that’s not the case. It’s not that developers want to be bad at security, they just don’t know where to start and where they should go. This video offers a clear route. It begins with a high level overview of today’s security threats and the organizational strategies used to counter those threats; it details the roles that SSG members, developers, testers and operations personnel must perform in a security focused SDLC; and finishes with a survey of the protocols, tactics, and tools used to optimize security at the physical, network, application, and perimeter levels.
- Understand the goals, costs, and limitations of software security
- Identify fifteen types of security attacks such as WebSocket, SQL injection, and TLS Heartbleed
- Discover six core principles of software security including Defense in Depth and Fail Securely
- Learn about threat modeling using tools like STRIDE, CAPEC, and attack trees
- Recognize the capabilities and limitations of password policies, WAFS, and Firewalls
- Review authentication/authorization techniques like HTTP Digest, OAuth 2 and JWT
- Learn about the CORS, CSP, and HSTS security policies and protocols
- Explore the W3C Web Cryptography Working Group’s newest security protocols
Brian Sletten is a software engineer who focuses on security consulting, web architecture, resource-oriented computing, social networking, the Semantic Web, data science, 3D graphics, visualization, scalable systems, and other technologies. He has experience in retail, banking, online games, defense, finance, hospitality and healthcare.
Publisher resources
Product information
- Title: Introduction to Secure Software
- Author(s):
- Release date: March 2016
- Publisher(s): O'Reilly Media, Inc.
- ISBN: 9781491943595
You might also like
video
Fundamentals of Secure Software
This course offers a comprehensive guide to securing software applications from design to deployment. You'll start …
book
Designing Secure Software
Designing Secure Software consolidates Loren Kohnfelder's more than twenty years of experience into a concise, elegant …
book
Secure by Design
Secure by Design teaches developers how to use design to drive security in software development. This …
book
Foundations of Information Security
In this high-level survey of the information security field, best-selling author Jason Andress covers the basics …