Join Kevin Skoglund for an in-depth discussion in this video Security through obscurity, part of Foundations of Programming: Web Security.
…Security through obscurity is our next core security principle.…It has a nice rhyme to it.…Is it harder to break into a safe with the lights on or with the lights off?…And do you think it would be easier if a safe cracker…knew the brand and model of the safe than if they didn't?…Or how about if they couldn't see the numbers on the dial as they turned it.…These are the basic ideas behind security through obscurity.…The less information you give out the better.…More information…benefits hackers.…Hackers rely on exposed information and feedback from their actions.…
If a web server's known to be running Apache 2.2 a hacker, or a…script that the hacker's running, knows to look for security holes in Apache 2.2.…If the web server software is unknown, well then they must try everything.…Information helps the hacker by narrowing the field of possible exploits.…So you want to limit exposed information.…Don't report any more information than is absolutely necessary.…It's similar to the idea of least privilege, but this is least information.…
This course is great for developers who want to secure their client's websites, and for anyone else who wants to learn more about web security.
- Why security matters
- What is a hacker?
- How to write a security policy
- Cross-site scripting (XSS)
- Cross-site request forgery (CSRF)
- SQL injection
- Session hijacking and fixation
- Passwords and encryption
- Secure credit card payments
Skill Level Beginner
1. Security Overview
2. General Security Principles
3. Filtering Input, Controlling Output
4. The Most Common Attacks
5. Encryption and User Authentication
6. Other Areas of Concern
- Mark as unwatched
- Mark all as unwatched
Are you sure you want to mark all the videos in this course as unwatched?
Take notes with your new membership!
Type in the entry box, then click Enter to save your note.
1:30Press on any video thumbnail to jump immediately to the timecode shown.