The course covers the learning outcomes and goals of understanding the OWASP Proactive Controls, aimed at helping developers build secure applications by incorporating essential software control categories. The course teaches skills such as Authentication, Access Control, Validation, Encoding, Query Parameterization, Data Protection, Secure Requirements, Secure Architecture, and Secure Design. The teaching method involves covering fundamental controls in critical software categories through a 50-minute talk. The intended audience for this course is developers and architects looking to enhance the security of their software projects.
Overview
Syllabus
Introduction
Apache Shiro
RoleBased Access Control
Password Defense
Credential Specific Salt
Use an HSM
Use Bcrypt
Multifactor
Access Control
Query Parameterization
Ruby on Rails
Cold Fusion
Encoding
Crosssite scripting
HTML encoding
HTML input
OAuth HTML sanitizer
Other HTML sanitizers
File upload security
Certificate pinning
Cryptographic storage
Detection
Radio Button
Taught by
LASCON
