Simplicity makes security easier. Complexity allows for mistakes, greater attack surface, and weak links.
Our second general security principle is simple is more secure. Let me start by asking a question. Which would be easier to secure? A house that had only one door, or a house that had five doors and five windows? The answer's, obviously, the house with one door. The larger and more complex a system becomes, the harder it becomes to secure. Larger systems have more areas of concern. They have a larger attack surface to keep secure. More complex systems increase the likelihood of bugs or of making mistakes. Simpler is always more secure. When programming, there are several techniques that you can use to reduce complexity, and therefore, increase security. Giving clear names to functions and variables makes your code easier to read and to understand. Write code comments. Describe what you intend for the code to do, how it does it, and why you chose a particular approach. List the expected inputs and the expected outputs of a function. Make notes about any security concerns …
- Threat models
- Least privilege
- Defense in depth
- Validating and sanitizing input
- Credential attacks
- SQL injection
- Cross-site scripting
Skill Level Beginner
1. Security Overview
2. General Security Principles
3. Filter Input, Control Output
4. The Most Common Attacks