Discover the need to document your risks as you understand them and learn how to use them in your SDLC.
Documenting your designs, documenting your APIs, and documenting your code are all built into a team's development process. What usually isn't part of the process is documenting all of the security decisions you have made. Now, I know, I know, I've heard all the excuses in the book about documentation. Heck, I've used many of them myself. I've heard documentation is dead the minute it's written, or documentation is never read, or that it's too hard to find the answers you really need.
The point is, though, that regardless of the excuses, there is value in documentation, especially in the security realm, as you will see. One of the first things that you should document, even if only on Post-it Notes, is how you are going to deal with security-related bugs found in production. Now, I won't argue that you need a full-blown vulnerability management plan, you do, but that's for another course. You do, however, at least need to have a plan to prioritize and fix production security bugs and route them through your development process.
Author: Frank P Moley III
- Understanding attackers and risks
- Documenting your risks
- Issues related to web client–server interactions
- Issues related to thick app and client–server interactions
- Authorization and cryptography issues
- Implementing security in each phase of the software development life cycle
Skill Level Beginner
What you need to know (1m 35s)
1. Security and Risk Overview
2. Web Client Server Interaction Code Issues
3. Thick App and Client-Server Interaction Issues
4. Crypto and Security Misuse Issues
5. Security in the SDLC
Next steps (2m 10s)