2016
O'Reilly Media
Brian Sletten
8:11
English

It’s an unfortunate truism that many good developers are bad at software security. They cling to the belief that security is something you can just buy and bolt on, but that’s not the case. It’s not that developers want to be bad at security, they just don’t know where to start and where they should go. This video offers a clear route. It begins with a high level overview of today’s security threats and the organizational strategies used to counter those threats; it details the roles that SSG members, developers, testers and operations personnel must perform in a security focused SDLC; and finishes with a survey of the protocols, tactics, and tools used to optimize security at the physical, network, application, and perimeter levels.
Understand the goals, costs, and limitations of software security
Identify fifteen types of security attacks such as WebSocket, SQL injection, and TLS Heartbleed
Discover six core principles of software security including Defense in Depth and Fail Securely
Learn about threat modeling using tools like STRIDE, CAPEC, and attack trees
Recognize the capabilities and limitations of password policies, WAFS, and Firewalls
Review authentication/authorization techniques like HTTP Digest, OAuth 2 and JWT
Learn about the CORS, CSP, and HSTS security policies and protocols
Explore the W3C Web Cryptography Working Group’s newest security protocols

Introduction
Welcome to the Course 04m 40s
Attacks in the News 13m 19s
What We Tell Others 09m 00s
Trusted vs Trustworthy 11m 57s
Security Features 08m 30s
Principle of Least Privilege 05m 21s
Attacking Infrastructure 12m 10s
Convincing Developers 07m 55s
Beyond Perimeter Defense 07m 09s
Security Engineering
Introduction to Security Engineering 10m 37s
Economics of Security 11m 41s
Motivation 09m 24s
Security Protocols 24m 30s
Software Security
Introduction to Software Security 10m 45s
Risk Management 05m 15s
Security Testing 09m 32s
Architectural Risk Assessment 10m 46s
Principle: Protecting the Weakest Link 05m 54s
Principle: Defense in Depth 06m 09s
Principle: Fail Securely 07m 28s
Principle: Least Privilege 09m 17s
Principle: Log Securely 07m 07s
Principle: Trust Judiciously 09m 42s
Tools 10m 35s
Threat Modeling
Introduction to Threat Modeling 06m 11s
STRIDE 04m 51s
Attack Trees 09m 29s
Accounts 13m 08s
Web and Cloud 08m 11s
Security in the Organization
Introduction to Security in the Organization 09m 52s
Stakeholders 07m 36s
Teams: Security Teams 07m 42s
Teams: Developers 03m 31s
Teams: Operations 03m 49s
Software Lifecycles 07m 00s
Web Security
Password Policies 19m 25s
Feature: HTTP Basic 05m 23s
Feature: HTTP Digest 05m 07s
Feature: TLS 10m 56s
Feature: OAuth 19m 27s
Feature: HTTP Signatures 07m 56s
Feature: JWT 06m 05s
Feature: CORS 12m 41s
Feature: CSP 06m 40s
Feature: HSTS 05m 19s
Feature: WAFs and Firewalls 04m 08s
Attacks
Attack Overview 01m 11s
Phishing 06m 35s
XSS and HTML Injection 07m 06s
CSRF 05m 24s
SQL Injection 04m 22s
TLS Attacks: BEAST, BREACH, CRIME 22m 16s
TLS Attacks: Heartbleed 06m 27s
TLS Attacks: POODLE 05m 57s
The Future
The Future 09m 32s
Next Steps 09m 56s

shop.oreilly.com/product/0636920047179.do

Download File Size:1.96 GB

---