קורס // Java Secure Code

• Who cares?
• What are we securing?
• Philosophy: what's a "secure" code?
• Threat modelling & identification
• Security in layers vs security by obscurity
• Overview
• Architecture basics

• Creds standards
• Creds storage
• Reset password
• Login mechanism
• Access management & refraining from client-side validation
• Session fixation
• Session termination

• MiTM prevention and protections
• Defensive use of protocols general guidelines
• HTTP
• Web applications attacks and mitigations
•      Server disclosure

     - Forceful browsing

     - Dir listing + enum

     - Clickjacking

     - LFI/RFI

     - CSRF

     - Open redirect

     - And more

• Encoding, Encryption, Hashing
• Why, when, how
• Identity verification & signing

• Voluntarily and in errors
• Source code disclosure
• Secure memory usage
• Packaging

    Refrain from info in source code

    Obfuscation

• DoS

    Recursion

    Loops

    Regex

    CAPTCHA

    Rate limit

• Resource integrity

    Versions and 3rd parties

    Libs

    Conf files

    User-specific/shared dirs

    System properties/env variables

• Code injections

    XSS

    XML injection

    SQL injection

    Process initiation & syscommands

    Serialization

    File Upload

    Logical glitches