Join Jungwoo Ryoo for an in-depth discussion in this video, Case study: Intercepting validator, part of Python: Advanced Design Patterns.
- (narrator) Many cyber security attacks exploit a software system's dependence on user inputs. In fact, this is often the weakest link in our defense against cyber criminals. Some of the most famous hacking techniques include SQL injection and cross-site scripting. Both SQL injection and cross-site scripting take advantage of the absence of a mechanism to check user inputs before using them for further processing.
In the case of SQL injection, malicious users append additional database commands to a user input, intended to be raw data like "user name" as shown here. Cross-site scripting attempts to execute a piece of code by entering it into a text field, as you can see here. The key to preventing both SQL injection and cross-site scripting is adding a step in your code to validate if a user input contains any suspicious keywords.
In our SQL injection example, "or" is highly suspicious because it is rare for somebody's user name to contain "or." If a programmer is well-informed about secure coding practices,…
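A minimal sketch of an intercepting validator built around the keyword check the narration describes, as an added example that is not code from the course. The class, the rule names and the keyword lists are assumptions made for illustration; keyword screening of this kind complements parameterized queries and output encoding rather than replacing them.

```python
import re
from functools import wraps

# Hypothetical keyword lists for this example; a real deployment tunes them per field.
SQL_KEYWORDS = re.compile(r"\b(or|and|union|select|drop)\b|--|;", re.I)
SCRIPT_MARKUP = re.compile(r"<\s*/?\s*script\b|javascript:|\bon\w+\s*=", re.I)

class ValidationError(ValueError):
    """Raised when a request is rejected before reaching its handler."""

def no_sql_keywords(value):
    # \b keeps names such as "gordon" from matching on the embedded "or".
    return "suspicious SQL keyword" if SQL_KEYWORDS.search(value) else None

def no_script_markup(value):
    return "script markup" if SCRIPT_MARKUP.search(value) else None

class InterceptingValidator:
    """Single choke point that checks every registered field first."""
    def __init__(self):
        self._rules = {}  # field name -> list of check functions

    def register(self, field, *checks):
        self._rules.setdefault(field, []).extend(checks)

    def validate(self, request):
        errors = []
        for field, checks in self._rules.items():
            value = str(request.get(field, ""))
            errors += [f"{field}: {msg}" for check in checks if (msg := check(value))]
        return errors

    def intercept(self, handler):
        @wraps(handler)
        def guarded(request):
            errors = self.validate(request)
            if errors:
                raise ValidationError("; ".join(errors))
            return handler(request)  # reached only with validated input
        return guarded

validator = InterceptingValidator()
validator.register("username", no_sql_keywords, no_script_markup)
validator.register("comment", no_script_markup)

@validator.intercept
def handle_login(request):
    return f"looking up {request['username']}"
```

Because every handler is wrapped by the same object, a new rule registered once applies to all of them, and a rejected request never reaches the code that builds a query or renders a page.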
- Architectural vs. design patterns
- Why use design patterns?
- Design best practices
- Domain-specific patterns and security patterns
- Gang of Four design patterns
- Command, Mediator, and State
- Template method
Skill Level Advanced
1. Understanding Design Patterns: Review
2. Design Best Practices
3. Gang of Four (GoF) Patterns, Part 1
4. Gang of Four (GoF) Patterns, Part 2
Next steps (1m 26s)