Multiples layers of security provides defense in depth and decreases the vulnerability of a single weak link.
- Skydivers don't just take one parachute with them. … They take a second backup parachute … in case the first one fails. … It's common sense. … It's too risky to have a single point of failure, … so redundant measures are put in place. … This is defense in depth against the threat of gravity. … Defense in depth is another way of saying … that you have layered defenses. … Defense in depth was originally a military term. … The idea is to establish layers of defensive measures … to slow an attacker down. … Imagine a castle at the top of a hill. … If an army is going to attack the castle, … they'll be tired when they reach the top. … Then the army must get past the castle wall, … which probably has soldiers on top shooting at them. … Then if they can get past those defenses, … there may be a second inner wall, more soldiers, … and the king and queen may be in a well-fortified keep … deep within the castle. … The king and queen feel protected … by their many defensive layers. … The slope of the hill, the wall, the soldiers, …
- Threat models
- Least privilege
- Defense in depth
- Validating and sanitizing input
- Credential attacks
- SQL injection
- Cross-site scripting
Skill Level Beginner
Web Programming Foundationswith Morten Rand-Hendriksen58m 44s Beginner
Web Security: Same-Origin Policieswith Sasha Vodnik1h 54m Advanced
1. Security Overview
2. General Security Principles
3. Filter Input, Control Output
4. The Most Common Attacks
Next steps2m 26s
- Mark as unwatched
- Mark all as unwatched
Are you sure you want to mark all the videos in this course as unwatched?
This will not affect your course history, your reports, or your certificates of completion for this course.Cancel
Take notes with your new membership!
Type in the entry box, then click Enter to save your note.
1:30Press on any video thumbnail to jump immediately to the timecode shown.
Notes are saved with you account but can also be exported as plain text, MS Word, PDF, Google Doc, or Evernote.