In this video Emmanuel Henri introduces the role of the OWASP organization and the resources at your disposal to get more information. He also explains how to prevent security issues.
- [Instructor] If you are curious about security, OWASP is always a great place to get started in your research for potential threats and solutions. It is called the Open Web Application Security Project or OWASP and includes a big community and many resources available to you. So go to OWASP.org. So first if you're completely new to security in OWASP, head to the social media area and join the Facebook groups, select channels, or any of the other potential communities available. So if you scroll down on the right, you'll see the social media area.
So you see Meet-Up, Facebook, Slack, and a bunch of others. So feel free to connect to the community on any of those channels. Then if you want to get more information on any kind of attacks by a name, go to the Reference area down on the left and you can click here on Attacks. Then visit any of the attacks. For example, we'll explore a little bit of Cross-Site Scripting and Cross-Site Request Forgery on this particular course. And click on them and you're going to get more details as to what this attack is.
The description, what are their vulnerabilities, some code snippets, and so on and so forth. Also, if you'd like to get actual solutions or code snippets on several security threats, head to the code snippets area. So let's get back home here, and then in the Reference area, go to the Code snippets area, and then you can take a look at any of those. So where there's actually code snippets. So if we click on Cross-site Scripting, you can scroll and see some of the code snippets that are related to this attack.
So how does this attack occur and how to resolve it. And some examples of code where you can actually make it better. And last, I suggest you also visit the vulnerability section to read on potential areas where your application might be vulnerable to threats. So let's scroll back up here and then you can click on the reference or from the home website on Vulnerabilities. And then you're going to get a little bit more information as to what these vulnerabilities are.
So for example, if you want to learn more about PHP vulnerabilities, you have PHP File Inclusion, PHP Object Injection, and then you can click on those and you'll get some description about that particular vulnerability and what are the potential threats and how to resolve it. So this is a lot of good information and you should always go back to OWASP when you are questioning if your site or your application is actually vulnerable through any of these security threats.
So this site is full of resources to get you started and helps you in your research, but make sure to subscribe to their mailing list to get the latest information on security threats. So if you want to subscribe to their mailing list, scroll back up a little bit. And then in the Home little section here, you see Mailing List link. And then based on the type of mailing list you'd like to subscribe to, you can click and subscribe to any of these mailing lists.
- The role of the OWASP organization
- Dealing with cross-site scripting (XSS) and cross-site request forgery attacks
- JSON Web Tokens
- Creating and securing API endpoints
- Routing authentication