Whitelisting is preferable to blacklisting when a system needs to use secure defaults.
- Let's talk about lists, lists that allow something and lists that deny something, and why allow lists are the more secure choice. Santa Claus famously keeps a list of children who are naughty and nice. Nice children get presents, but naughty children get a lump of coal. Deny and allow lists bring a similar idea to programming. Deny lists, sometimes known as blacklists or blocklists, are a reference list of items or actions which are negative and should be forbidden. It may be IP addresses that have been banned from accessing a server. It could be actions that a user's not allowed to take. It might be types of data that a server will not accept. Allow lists, sometimes known as white lists or safe lists, are the opposite. Instead of listing what should be forbidden, they list items or actions which should be permitted. The usernames that can access a website are a common example of an allow list. You may think that deny lists and allow lists …
- Threat models
- Least privilege
- Defense in depth
- Validating and sanitizing input
- Credential attacks
- SQL injection
- Cross-site scripting
Skill Level Beginner
1. Security Overview
2. General Security Principles
3. Filter Input, Control Output
4. The Most Common Attacks
Next steps (2m 26s)