OWASP Proactive Controls (Part 2 of 2): Controls 6 through 10

Biz Library
Updated Feb 04, 2020

In this course, you will learn about the OWASP Top 10 Proactive Controls document and the many guidelines it provides to help developers write better and more secure code. In particular, I will cover the last five controls. These include implementing access control to verify what a user is allowed to do in a system, methods of protecting data at rest and in transit, implementing logging and intrusion detection, and finally I will talk about using existing security frameworks and libraries as well as best practices for error and exception handling. Join me in this course as we continue our exploration of the OWASP Top 10 Proactive Controls. This course contains the following lessons:

Lesson 1:

  • C6 - Implement Appropriate Access Controls
  • Access Control Anti-Patterns
  • Role-Based Access Control
  • ASP.NET Roles vs. Claims Authorization
  • Apache Shiro Permission-Based Access Control

Lesson 2:

  • C7 - Protect Data
  • Encrypting Data in Transit
  • HSTS (Strict Transport Security)
  • Certificate Pinning
  • Browser-Based TOFU Pinning
  • Pinning in Play (Chrome)
  • Forward Secrecy
  • Google KeyCzar
  • Libsodium

Lesson 3:

  • C8 - Implement Logging and Intrusion Detection
  • Tips for Proper Application Logging
  • Detection Points Examples

Lesson 4:

  • C9 - Leverage Security Frameworks and Libraries
  • Security Frameworks and Libraries
  • C10 - Error and Exception Handling
  • Best Practices for Error and Exception Handling