We will begin this course by introducing the OWASP Top 10 Proactive Controls, their history, and how to find the project on the OWASP website. We will then discuss how to verify security, use parameterized queries, encode data, and validate inputs. We will also show you how to implement identity and authentication controls, including session management, federation, password management tools, and identity repositories.
We will then learn how to implement access controls and protect data. We will discuss logging and intrusion detection, including tips on proper application logging and suggestions on how to build intrusion detection into your source code.
We will conclude with security frameworks and exception handling, covering how to leverage security frameworks and libraries. You will also learn best practices in error and exception handling, especially how to exit from error conditions securely.
I'm an independent software security consultant, software architect, and trainer. I help teams solve problems, learn best approaches, and find success in software security, software architecture, and software development. I have experience in threat modeling, secure code review, cloud security, and development in .NET and Java. My work has spanned many industries, including healthcare, government, telecommunications, manufacturing, finance, and education. I'm a Microsoft MVP for Developer Security, an (ISC)2 Certified Secure Software Lifecycle Professional (CSSLP), and an active member of the Information Systems Security Association (ISSA) New England Chapter, OWASP, and the OWASP Boston Chapter.
Robert Hurlbut, CSSLP, Software Security Architect and Trainer