Every program and every privileged user of the system should operate using the least amount of privilege necessary to complete the job.
In this chapter, we'll discuss general security principles. These principles are the foundation for the specific issues that we'll cover in later chapters. If new technologies emerge in the future, these core principles can still guide you. They are fundamental to all of security. We'll start by talking about the principle of least privilege.

Think about your house or your apartment. Who do you give keys to? You might give keys to a family member, your next door neighbor, or to a trusted friend. However, you would not give keys to all of your family, or all of your neighbors, or all of your friends. You control and limit the access to your personal property.

Many office buildings have security guards who regulate access. If you work in such a building, you may only have access to some floors or some departments. Even within those areas, there may be spaces that are off-limits to you, such as a server room, a supply closet, or even certain filing cabinets.
- Threat models
- Least privilege
- Defense in depth
- Validating and sanitizing input
- Credential attacks
- SQL injection
- Cross-site scripting
Skill Level Beginner
1. Security Overview
2. General Security Principles
3. Filter Input, Control Output
4. The Most Common Attacks
Next steps (2m 26s)