An important step in increasing security is to think about the exposure points in a system and the places where data is stored and where it travels.
- Our final general security principle … is to map your exposure points and data passageways. … Remember the fundamental security equation … from the beginning of this chapter, it was Awareness … plus Adequate Protection equals Security. … Mapping data movement and exposure … increases awareness of vulnerabilities. … Once we're aware of them then we can protect them. … You can't secure a door if you don't know it exists. … Mapping helps to define the attack surface. … The attack surface is made up of all the points … that are accessible to an attacker. … It's where they could get data in or get data out. … If you were mapping exposure points for the castle, … the attack surface might be made up … of walls, doorways, gates, bridges and tunnels. … You can think of your map as a security checklist. … You may decide to create a list in a word processor … or to draw out diagrams on paper showing the paths … the data takes. … You should take inventory of where data enters your systems … how it moves between system parts and where it's stored …
- Threat models
- Least privilege
- Defense in depth
- Validating and sanitizing input
- Credential attacks
- SQL injection
- Cross-site scripting
Skill Level Beginner
1. Security Overview
2. General Security Principles
3. Filter Input, Control Output
4. The Most Common Attacks