Introduction to Secure Software: Building Security Systems

Introduction to Secure Software: Building Security Systems

English | MP4 | AVC 1280×720 | AAC 48KHz 2ch | 8h 11m | 2.05 GB

It’s an unfortunate truism that many good developers are bad at software security. They cling to the belief that security is something you can just buy and bolt on, but that’s not the case. It’s not that developers want to be bad at security, they just don’t know where to start and where they should go. This video offers a clear route.

It begins with a high level overview of today’s security threats and the organizational strategies used to counter those threats; it details the roles that SSG members, developers, testers and operations personnel must perform in a security focused SDLC; and finishes with a survey of the protocols, tactics, and tools used to optimize security at the physical, network, application, and perimeter levels.

  • Understand the goals, costs, and limitations of software security
  • Identify fifteen types of security attacks such as WebSocket, SQL injection, and TLS Heartbleed
  • Discover six core principles of software security including Defense in Depth and Fail Securely
  • Learn about threat modeling using tools like STRIDE, CAPEC, and attack trees
  • Recognize the capabilities and limitations of password policies, WAFS, and Firewalls
  • Review authentication/authorization techniques like HTTP Digest, OAuth 2 and JWT
  • Learn about the CORS, CSP, and HSTS security policies and protocols
  • Explore the W3C Web Cryptography Working Group’s newest security protocols
Table of Contents

1. Introduction
01 Welcome to the Course
02 Attacks in the News
03 What We Tell Others
04 Trusted vs Trustworthy
05 Security Features
06 Principle of Least Privilege
07 Attacking Infrastructure
08 Convincing Developers
09 Beyond Perimeter Defense

2. Security Engineering
10 Introduction to Security Engineering
11 Economics of Security
12 Motivation
13 Security Protocols

3. Software Security
14 Introduction to Software Security
15 Risk Management
16 Security Testing
17 Architectural Risk Assessment
18 Principle Protecting the Weakest Link
19 Principle Defense in Depth
20 Principle Fail Securely
21 Principle Least Privilege
22 Principle Log Securely
23 Principle Trust Judiciously
24 Tools

4. Threat Modeling
25 Introduction to Threat Modeling
27 Attack Trees
28 Accounts
29 Web and Cloud

5. Security in the Organization
30 Introduction to Security in the Organization
31 Stakeholders
32 Teams Security Teams
33 Teams Developers
34 Teams Operations
35 Software Lifecycles

6. Web Security
36 Password Policies
37 Feature HTTP Basic
38 Feature HTTP Digest
39 Feature TLS
40 Feature OAuth
41 Feature HTTP Signatures
42 Feature JWT
43 Feature CORS
44 Feature CSP
45 Feature HSTS
46 Feature WAFs and Firewalls

7. Attacks
47 Attack Overview
48 Phishing
49 XSS and HTML Injection
51 SQL Injection
53 TLS Attacks POODLE

8. The Future
54 The Future
55 Next Steps