Explore potential internal data management issues, the risks associated with them, and learn how to avoid them.
- There are often many data points an application needs in order to operate successfully. These data points can be as simple as URLs and other resources and as complex as encryption keys. While this data is needed for applications to operate, in the wrong hands, they can be treacherous to a system. Let's start our discussion with a common use case and that is connecting to a remote service.
Usually, to connect to a remote service, you need to store the URL of that service along with the credentials or tokens needed to consume that service. That information is needed by your application at runtime. Serving that data at runtime can be the challenge. The attack vector associated with this should be relatively straightforward. If you expose the data you need for your system to operate, the attacker can then use that same data to mimic you to your backend service.
The attacker can then use the mimic behavior to manipulate the backend service and either exploit it or cause it to make your system exploitable. Solving these problems is actually very straightforward.
Author: Frank P Moley III
- Understanding attackers and risks
- Documenting your risks
- Issues related to web client–server interactions
- Issues related to thick app and client–server interactions
- Authorization and cryptography issues
- Implementing security in each phase of the software development life cycle
Skill Level: Beginner
What you need to know (1m 35s)
1. Security and Risk Overview
2. Web Client Server Interaction Code Issues
3. Thick App and Client-Server Interaction Issues
4. Crypto and Security Misuse Issues
5. Security in the SDLC
Next steps (2m 10s)