Join Jungwoo Ryoo for an in-depth discussion in this video Broken authentication and session management, part of Developing Secure Software.
- Authentication is one of the most common form of access control.…Session management complements authentication…by making the effect of authentication expire over time.…Authentication verifies the identity of a supplicant…who provides security credentials such as passwords.…Authentication and session management…often break due to reasons such as password cracking,…insecure communication channels,…insider threats or social engineering.…
More importantly, software developers often use…their own custom code to implement authentication…and session management.…Building your own custom authentication…and session management scheme is hard and prone to error,…eventually leading to security vulnerabilities.…Once compromised, broken authentication can allow…unrestricted access to the software system resources…which is extremely dangerous.…
Author
Jungwoo Ryoo
Released
11/12/2015Jungwoo Ryoo is a faculty member teaching cybersecurity and information technology at Penn State. In this course, he'll introduce secure software development tools and frameworks and teach secure coding practices such as input validation, separation of concerns, and single access point. He'll also show how to recognize different kinds of security threats and fortify your code. Plus, he'll help you put a system in place to test your software for any overlooked vulnerabilities.
- What is software security?
- Analyzing different kinds of security threats
- Designing secure software by adopting patterns and addressing vulnerabilities
- Avoiding buffer overflows
- Countering insecure direct object references
- Securing sensitive data
- Testing software security
Skill Level Intermediate
Duration
Views
-
Introduction
-
Welcome40s
-
-
1. Understanding Software Security
-
Software security resources1m 27s
-
2. Software Security Threats
-
Hardware-level threats1m 34s
-
Code-level threats1m 30s
-
Architectural-level threats1m 42s
-
Requirements-level threats1m 39s
-
Threat modeling and tools1m 23s
-
-
3. Secure Software Design
-
Security tactics1m 21s
-
Security patterns1m 38s
-
Security vulnerabilities2m 1s
-
4. Secure Coding
-
Buffer overflow attacks1m 41s
-
5. Testing for Security
-
Testing for security1m 4s
-
Static analysis1m 41s
-
Dynamic analysis1m 37s
-
Penetration testing1m 33s
-
Vulnerability management1m 42s
-
-
Conclusion
-
Next steps46s
-
Take notes with your new membership!
Type in the entry box, then click Enter to save your note.
Press on any video thumbnail to jump immediately to the timecode shown.
Notes are saved with you account but can also be exported as plain text, MS Word, PDF, Google Doc, or Evernote.
Share this video
Embed this video
Video: Broken authentication and session management