Course curriculum

    1. Course introduction

    2. Your Trainer

    3. Why should you take this course?

    4. What's in this course?

    1. Secure SDLC & Application Security Program

    2. Threat Modeling

    3. Third Party Components (SCA)

    4. Security Testing

    5. Code Review and Static Analysis

    6. Secure SDLC - Quiz!

    1. #1 Input Validation

    2. Input Validation - More Advice From OWASP

    3. Input Validation: Code Review

    4. #2 Output Encoding

    5. Output Encoding: Code Review

    6. #3 Parameterized queries are required; dynamic queries are forbidden.

    7. Parameterized queries: Code Review

    8. #4 Use the Authorization and Authentication provided by your framework, do not write your own.

    9. Authentication and Password Management – OWASP Advice

    10. #5 Use the identity and session management features available in your framework, network, or cloud provider.

    11. #6 Use all applicable security headers

    12. #7 Do not cache sensitive page data

    13. Caching Sensitive Data: Code Review

    14. #8 Secure Cookies

    15. Thoughts on securing your cookies

    16. #9 Take every possible precaution when performing file uploads

    17. File upload advice from OWASP

    18. Scanning your uploaded files

    19. #10 All errors should be caught, handled, logged, and, if appropriate, alerted upon.

    20. OWASP guidance on logging, alerting and monitoring

    21. Error Handling and Logging Cheat Sheet!

    22. #11 Sensitive or decision-making information should never be stored in URL parameters.

    23. #12 Your application should be served over HTTPS only.

    24. HTTPS Everywhere: Code Review

    25. #13 All data must be encrypted in transit and at rest

    26. #14 Allow users to cut and paste into the password field, to allow for use of password managers.

    27. #15 All connection strings, hashes, passwords and other secrets must be kept in a secret store.

    28. Reasons Secrets Need Management

    29. Secret Management Best Practices

    30. What are 'secrets'?

    31. #16 Hash and salt all passwords.

    32. #17 Keep your stuff up to date!

    33. A special note on APIs

    34. API Security Best Practices - Checklist

    35. We did it!

    36. 17 Commandments - PDF Checklist!

    1. Common Vulnerabilities

    2. What is 'OWASP'? What is the 'Top Ten'?

    3. A1: Injection

    4. A2: Broken Authentication

    5. A3: Sensitive Data Exposure

    6. A4: XML External Entities (XXE)

    7. A5: Broken Access Control

    8. A6: Security Misconfiguration

    9. A7: Cross Site Scripting (XSS)

    10. A8: Insecure Deserialization

    11. A9: Using Components with Known Vulnerabilities

    12. A10: Insufficient Logging and Monitoring

    13. More! Important stuff that is not in the OWASP Top Ten

    14. Buffer Overflows

    15. Insecure Cryptographic Storage

    16. Insecure Communications

    17. Improper Error Handling

    18. Cross Site Request Forgery (CSRF)

    19. Quiz: Common Pitfalls

    1. Key Take Aways

    2. Awesome Books

    3. Semgrep Resources

    4. Course Survey

    5. Thank you for attending Semgrep Academy

About this course

  • Free
  • 70 lessons
  • 2 hours of video content