
How to Avoid Writing Insecure Code


How to Avoid Writing Insecure Code, available at $59.99, has an average rating of 4.47, with 82 lectures, 30 quizzes, based on 655 reviews, and has 1956 subscribers.

You will learn about the recurring security pitfalls that developers fall into; manageable and practical root causes of many famous software weaknesses; how to map security bugs to specific coding patterns in your software; reflexive security questions you should ask during coding; famous security bugs such as XXE, Session Puzzling, Mass Assignment, XSS, Directory Traversal, IDOR, Prompt Injection and more; and secure and insecure ways of validating input. This course is ideal for software developers and software analysts.


Summary

Title: How to Avoid Writing Insecure Code

Price: $59.99

Average Rating: 4.47

Number of Lectures: 82

Number of Quizzes: 30

Number of Published Lectures: 82

Number of Published Quizzes: 28

Number of Curriculum Items: 112

Number of Published Curriculum Objects: 110

Original Price: $119.99

Quality Status: approved

Status: Live

What You Will Learn

  • The recurring security pitfalls that developers fall into
  • Manageable and practical root causes of many famous software weaknesses
  • Ability to map security bugs to specific coding patterns in your software
  • Reflexive security questions you should ask during coding
  • Familiarity with famous security bugs; XXE, Session Puzzling, Mass Assignment, XSS, Directory Traversal, IDOR, Prompt Injection and more
  • Secure and insecure ways of validating the input

Who Should Attend

  • Software developers
  • Software analysts

Target Audiences

  • Software developers
  • Software analysts

    This training is about writing secure software. We chose to deliver secure coding practices from a perspective in which widespread coding security mistakes are classified into understandable chunks. We hope that this will make more sense and be more helpful to hardcore developers and analysts.

    Security should be an intrinsic part of any software production methodology and its implementation. However, development is a complex process, and it is extremely hard to keep software secure as it ages. There are numerous security tools, methodologies and bodies of knowledge for producing secure software; nevertheless, a vast number of applications still contain critical security bugs. Most of these bugs stem from bad coding patterns that we call software security anti-patterns or, in simpler terms, mistakes.

    An anti-pattern is a common response to a recurring problem that is usually ineffective or, worse, carries risks. In other words, anti-patterns are commonly reinvented bad solutions to problems.

    For example, one of the most famous anti-patterns in software development is Spaghetti Code. In the early phases of being a developer, we are usually not familiar with the importance of modularity, or we find little time to design first. So, we tend to produce extremely complicated, hard-to-understand, unstructured software. This way of coding produces Spaghetti Code, which is hard to maintain and to write tests for; the end product may still run perfectly and serve well in production. However, it is extremely hard to adapt to any new changes. Since the code is not modular or structured, it is hard to add new features. Moreover, any modification to the code affects other flows in an unpredictable manner. Maintenance is also crippled, since the code’s complex form makes life difficult for new developers while they are adjusting.

    Similarly, there are bad design or coding choices that repeatedly lead to security bugs. It is important to be aware of these software security anti-patterns in order not to fall prey to hackers. The course covers eight different core mistakes. Some are more prevalent than others; however, all of them can produce devastating results. In each lesson, we will first explain what the specific anti-pattern is all about. Then, we will move on to one or more demos of what can go wrong when that mistake is made. At the end of each lesson, we will look at different sound and widely acknowledged solutions against insecure design or coding choices.

    Course Curriculum

    Chapter 1: Introduction

    Lecture 1: The Course Overview

    Lecture 2: A Little Bit of Terms

    Lecture 3: Software Security Anti-Patterns

    Chapter 2: Confirmation Bias

    Lecture 1: What is Confirmation Bias Anti-Pattern?

    Lecture 2: Wason’s 2-4-6 Task

    Lecture 3: An Audio Illusion – Your Brain

    Lecture 4: Heartbleed: A Total Security Collapse of the Internet

    Lecture 5: Heartbleed Details

    Lecture 6: What is Insecure File Upload?

    Lecture 7: Demo: Buggy Extension Check

    Lecture 8: How to Fix?

    Lecture 9: Recap

    Chapter 3: Copy-Paste Insecure Code

    Lecture 1: What is Copy-Paste Insecure Code Anti-Pattern?

    Lecture 2: Analysis: Critically Insecure StackOverflow Answers

    Lecture 3: What is XML External Entity Attack?

    Lecture 4: Demo: XXE Attack

    Lecture 5: What is Trusting Insecure SSL Certificates?

    Lecture 6: Demo: Trusting Self-Signed Certificates

    Lecture 7: How to Fix?

    Lecture 8: Recap

    Chapter 4: Lack of Authorization

    Lecture 1: What is Lack of Authorization Anti-Pattern?

    Lecture 2: What is Insecure Direct Object Reference (IDOR)?

    Lecture 3: Demo: IDOR

    Lecture 4: What is Missing Authorization Checks at PostBacks?

    Lecture 5: Demo: Missing Authorization Checks at PostBacks

    Lecture 6: How to Fix?

    Lecture 7: Recap

    Chapter 5: Mixing Code and Data

    Lecture 1: What is Mixing Code and Data Anti-Pattern?

    Lecture 2: What is SQL Injection?

    Lecture 3: Demo: SQL Injection

    Lecture 4: What is XPath?

    Lecture 5: Demo: XPath Injection

    Lecture 6: How to Fix?

    Lecture 7: Neutralization

    Lecture 8: Recap

    Chapter 6: Using Blacklists

    Lecture 1: What is Using Blacklists Anti-Pattern?

    Lecture 2: What is Cross Site Scripting?

    Lecture 3: Bypassing Blacklist Filters

    Lecture 4: Demo: Bypassing Blacklist Filters

    Lecture 5: .NET Request Validation Bypass

    Lecture 6: Demo: Spring AutoBind Blacklist Bypass

    Lecture 7: How to Fix?

    Lecture 8: Recap

    Chapter 7: Pardon the Malintent

    Lecture 1: What is Pardon the Malintent Anti-Pattern?

    Lecture 2: What is Regular Expression DoS?

    Lecture 3: Demo: Regex DoS

    Lecture 4: What is Directory Traversal?

    Lecture 5: Demo: Directory Traversal

    Lecture 6: How to Fix?

    Lecture 7: Recap

    Chapter 8: Secure Library Ignorance

    Lecture 1: What is Secure Library Ignorance Anti-Pattern?

    Lecture 2: Introduction to the jsTree JavaScript Library

    Lecture 3: Demo: jsTree – Cross Site Scripting

    Lecture 4: What are Insecure Deserialization Bugs?

    Lecture 5: Demo: XStream – Java Deserialization

    Lecture 6: Short Introduction to React and SPAs

    Lecture 7: Demo: Insecure React Use

    Lecture 8: How to Fix?

    Lecture 9: Recap

    Chapter 9: Insufficient WWW Knowledge

    Lecture 1: What is Insufficient WWW Knowledge Anti-Pattern?

    Lecture 2: What is X-Forwarded-For HTTP Header?

    Lecture 3: Demo: Insecure X-Forwarded-For Parsing

    Lecture 4: A Short Introduction to CAPTCHAs

    Lecture 5: Demo: Insecure Anti-Brute Force Mechanism

    Lecture 6: What is Session Puzzling?

    Lecture 7: Demo: Session Puzzling

    Lecture 8: Client Side Controls

    Lecture 9: How to Fix?

    Instructors

    Bedirhan Urgun
    Software Security Enthusiast

    Rating Distribution

  • 1 stars: 10 votes
  • 2 stars: 6 votes
  • 3 stars: 57 votes
  • 4 stars: 253 votes
  • 5 stars: 329 votes

    Frequently Asked Questions

    How long do I have access to the course materials?

    You can view and review the lecture materials indefinitely, like an on-demand channel.

    Can I take my courses with me wherever I go?

    Definitely! If you have an internet connection, courses on Udemy are available on any device at any time. If you don’t have an internet connection, some instructors also let their students download course lectures. That’s up to the instructor though, so make sure you get on their good side!