From the course: CSSLP Cert Prep: 3 Secure Software Design
Secure interface design
- [Instructor] Attackers often leverage user and administrative interfaces in an effort to exploit weaknesses in the app. That's one of the reasons you need to spend time focusing on how to securely design those interfaces. I don't know how many times I've said some variant of this idea throughout my career, but I'll keep saying it as long as it remains true. You can't always trust the end user. Your developers are focusing on making the app easy and straightforward for the end users. They want the app to be simple to use and simple to maintain. As a CSSLP, you're the one they'll look to when they have questions about how an attacker might abuse those interfaces, as well as what they can do to minimize those risks. For example, consider how your privileged users will manage the application once it's deployed. One possible option is through an out-of-band management interface. This might involve an entirely separate app…