OWASP Top 10: #3 Sensitive Data Exposure and #4 External Entities (XXE)

English | MP4 | AVC 1280×720 | AAC 48KHz 2ch | 0h 27m | 201 MB

The Open Web Application Security Project (OWASP) was formed to provide the public with the resources needed to understand and enhance software security. The OWASP Top 10 list describes the ten biggest vulnerabilities. In this course, Caroline Wong takes a deep dive into the third and fourth categories of security vulnerabilities in the OWASP Top 10—sensitive data exposure and XML external entities (XXE). Caroline covers how sensitive data exposure and XXE attacks work, providing real-world examples that demonstrate how they affect companies and consumers alike. She also shares techniques that can help you prevent these types of attacks.

Table of Contents

Introduction
1 Prevent common software vulnerabilities

Sensitive Data Exposure: How Does It Work?
2 General concept

Impact of Sensitive Data Exposure
3 Example scenario 1
4 Example scenario 2

Preventing Sensitive Data Exposure
5 Laws and regulations
6 Reducing scope
7 Encryption (TLS and HSTS)

XXE: How Does It Work?
8 General concept

Impact of XXE
9 Example scenario 1
10 Example scenario 2

Preventing XXE
11 Disable XXE processing
12 Whitelisting and validating input
13 Upgrade all XML processors and libraries

Conclusion
14 Next steps