Defensive Programming
“How can I ensure that I write bulletproof code that repels hackers?”
Target Audience
Developers, programmers and architects with experience in any scripting or programming language.
Topics
- The Forest Rabbit Analogy
- Disclaimer and Responsible activities
- The defensive programming principles
- The OWASP foundation and projects
- Understanding the common application security risks
- A quick overview of Injection Attacks
- Protecting database queries
- Input Validation
  - Whitelisting
  - Blacklisting
  - Regex based
  - Type casting based
- Encoding and Decoding
  - URL Encoding
  - Base64 Encoding
  - Output Encoding and types
- Cryptography
  - Encryption and Decryption
  - Hashing
- Secure Failovers and Logging
- Protecting Data during transit and storage
  - HTTPS
  - File Storage
- HTTP Header based security and recent advancements
- Securing the configurations
- Types of Authentication
- Secure Account Management
  - Password storage
  - Protecting user identities
  - Secure Reset functionalities
  - Securely logging off
- Prevention against automated attacks
  - CAPTCHA
  - OTP
  - Randomised tokens
- Cookie security
  - Session Management
  - Time Outs
- A quick look at the defensive programming cheatsheet
Outcome
- Intermediate level of knowledge to protect applications and fix security flaws
- In-depth understanding of all the defensive programming techniques and principles
- Brief overview of testing applications for vulnerabilities
- Ability to identify internet resources to enable fast learning
- Practical, hands-on, real-world workshop that enables learning by actually coding
- Being able to recognize patterns and common vulnerabilities