Explore potential configuration issues, the risks associated with them, and learn how to avoid them.
- A somewhat common theme should be identified by this point. We find that in many cases the processes that make running, deploying and troubleshooting an application much easier can also be used to exploit an application. Configuration of our application is another such case. So what is configuration? To SANS, for instance, secure configurations apply to the systems and servers.
It's the software and operating systems the machines are running on. It's definitely critical to keep systems patched. But from a development perspective, this isn't configuration. When I talk about securing your configuration, I'm referring to the feature flags, options, and other data elements that your application needs to run, but they can be optionally configured at startup or runtime.
Many times as developers, we want a soft rollout of features through the use of feature flags, or provide ways to put the application into a higher state of logging. Inherently, these features are not bad on their own, however they can expose the system.
Author: Frank P Moley III
- Understanding attackers and risks
- Documenting your risks
- Issues related to web client–server interactions
- Issues related to thick app and client–server interactions
- Authorization and cryptography issues
- Implementing security in each phase of the software development life cycle
Skill Level: Beginner
What you need to know (1m 35s)
1. Security and Risk Overview
2. Web Client Server Interaction Code Issues
3. Thick App and Client-Server Interaction Issues
4. Crypto and Security Misuse Issues
5. Security in the SDLC
Next steps (2m 10s)