OWASP Top 10: #7 XSS and #8 Insecure Deserialization

OWASP Top 10: #7 XSS and #8 Insecure Deserialization
OWASP Top 10: #7 XSS and #8 Insecure Deserialization
English | MP4 | AVC 1280×720 | AAC 48KHz 2ch | 0h 26m | 221 MB

Recent changes in application architecture and technology have sparked new opportunities and ways of working. But with these new advancements come new risks. The Open Web Application Security Project (OWASP) Top 10 list describes the ten biggest vulnerabilities that today’s software developers and organizations face. In this course, Caroline Wong takes a deep dive into the seventh and eighth categories of security vulnerabilities in the OWASP Top 10—cross-site scripting (XSS) and insecure deserialization. Caroline covers how XSS and insecure deserialization work, providing real-world examples that demonstrate how they affect companies and consumers alike. She also shares techniques that can help you prevent these types of attacks.

Table of Contents

1 Common software vulnerabilities

Cross-Site Scripting How Does It Work
2 General concept

Impact of Cross-Site Scripting
3 Example scenario 1
4 Example scenario 2

Preventing Cross-Site Scripting
5 Enable a content security policy
6 Apply context sensitive encoding
7 Escape untrusted HTTP data

Insecure Deserialization How Does It Work
8 General concept

Impact of Insecure Deserialization
9 Example scenario 1
10 Example scenario 2

Preventing Insecure Deserialization
11 Use integrity checks and encrypt
12 Log to detect insecure deserialization
13 Isolate code that deserializes

14 Next steps