We will begin this course with an introduction to building secure software, including exploring the hacker mindset, understanding defense in depth, applying secure coding techniques, and threat modeling.
We will then discuss how to determine your threats, protect your assets, and use the Open Web Application Security Project. We will learn how to mitigate cross-site scripting, where the attacker injects unexpected characters and tags into a vulnerable input that the application fails to properly validate.
Next, we will describe an SQL-injection attack, where the hacker uses specialized knowledge of how databases and storage work and makes use of special character sequences to inject code. Here, we will take a look at how SQL injection works and what we can do about it.
Lastly, we will cover insecure object reference attacks, where you depend on a predictable pattern for IDs and hackers modify the URL and make requests to get unauthorized access to content. This will lead into integer overflow, where we will see how to make sure the results of calculations are validated before we assign values to variables.
I deliver technical presentations around the U.S. as a consultant, trainer, and former Developer Evangelist for Microsoft. I have worked in a variety of professional roles, including architect, project manager, developer, and technical writer. I’m also an author of two books, published by WROX Press and APress, that show developers how to get the most from their SQL databases. Since appearing in the 1994 Microsoft DevCast, I have presented technical information at seminars, conferences, and corporate boardrooms across America.
Mike Benkovich
Presenter, Trainer, Author, Instructor