Hackers rely on exposed information and feedback from their actions. On its own, obscuring information is weak security, but when combined with other security measures it is a vital tool.
- Security through obscurity is our next core security principle. It has a nice rhyme to it. It means that it's more secure to withhold or obscure information because information is valuable to an attacker. Another nice rhyme first popularized during World War Two is, "Loose lips might sink ships." Careless talk during wartime may provide the enemy with information that would help them to strategize or to plan better attacks. Learning new information benefits an attacker. It never benefits a defender. Therefore the less information you give out, the better. Information should be kept on a need-to-know basis. It's similar to the principle of least privilege that we saw earlier. Give out the least amount of information necessary to complete the job. Most Hollywood heist films have a scene where the heroes perform some reconnaissance on their target. They watch the outside of the building through binoculars. They wait patiently as key personnel come and go …
- Threat models
- Least privilege
- Defense in depth
- Validating and sanitizing input
- Credential attacks
- SQL injection
- Cross-site scripting
Skill Level Beginner
1. Security Overview
2. General Security Principles
3. Filter Input, Control Output
4. The Most Common Attacks
Next steps (2m 26s)