We will begin this course with an introduction to building secure software, including exploring the hacker mindset, understanding defense in depth, applying secure coding techniques, and threat modeling.
We will then discuss how to determine your threats, protect your assets, and use the Open Web Application Security Project. We will learn how to mitigate cross-site scripting, where the attacker injects unexpected characters and tags into a vulnerable input that the application fails to properly validate.
Next, we will describe an SQL injection attack, where the hacker uses specialized knowledge of how databases and storage work and makes use of special character sequences to inject code. Here, we will take a look at how SQL injection works and what we can do about it.
Lastly, we will cover insecure object reference attacks, where the application depends on a predictable pattern for IDs. Hackers modify the URL and make requests to get unauthorized access to content. This will lead into integer overflow, where we make sure the results of calculations are validated before we assign values to variables.