Software Security

"Security is like adding brakes to cars.
The purpose of brakes is not to stop you:
it's to enable you to go fast!"
— Gene Spafford

Nmap, Metasploit
Code scanning tools: Fortify, Coverity and SLIN

Tutorials

Coursera: Cybersecurity Fundamentals curriculum

  • Usable Security
  • Software Security
  • Cryptography
  • Hardware Security

Lynda: "Foundations of Programming: Web Security".

This course refreshes basic web security concepts and security principles such as defense in depth. It teaches participants about the most common web attacks and how to protect against them.

  • Security Overview
  • General Security Principles
  • Filtering Input, Controlling Output
    • Regulating requests
    • Validating input
    • Sanitizing data
    • Labeling variables
    • Keeping code private
    • Keeping credentials private
    • Keeping error messages vague
    • Smart logging
  • The Most Common Attacks
    • Cross-site scripting (XSS)
    • Cross-site request forgery (CSRF)
    • SQL injection
    • URL manipulation
    • Faked requests and forms
    • Cookie visibility and theft
    • Session hijacking
    • Session fixation
    • Remote system execution
    • File-upload abuse
    • Denial of service
  • Encryption and User Authentication
    • Password encryption
    • Salting Passwords
    • Password requirements
    • Brute-force attacks
    • Using SSL for login
    • Protecting cookies
    • Regulating access privileges
    • Handling forgotten passwords
    • Multi-factor authentication
  • Other Areas of Concern

Links

Tools

Network Scanner

Proxy

Fuzzing

Utils

Static Checks

Videos

Books

Blogs

CSRF

Cross-Site Scripting (XSS)

Cookie Manipulation

Canonicalization

SQL Injection

Clickjacking

Directory Traversal

Input Validation

URL Encoding and Manipulation

Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-ShareAlike 3.0 License