10 Vulnerabilities to watch for When building secure backend application (OWASP recommendations)
Length:
29 minutes
Released:
Apr 7, 2021
Format:
Podcast episode
Description
The Open Web Application Security Project is a recognized entity that helps developers identify critical security vulnerabilities to build secure web applications. In this video I will go through the 10 vulnerabilities, explain each one, and give examples and anecdotes from real life.
0:00 Building Secure Backends
2:30 Injection
4:50 Broken Authentication
6:43 Sensitive Data Exposure
11:00 XML External Entities (XXE)
13:45 Broken Access Control
17:00 Security Misconfiguration
19:00 XSS
22:45 Insecure Deserialization.
24:48 Using Components with Known Vulnerabilities.
26:00 Insufficient Logging & Monitoring.
Resources
https://owasp.org/www-project-top-ten/
Cards
2:50 SQL Injection https://www.youtube.com/watch?v=Azo9tDUtC9s
4:20 Best practices building REST https://www.youtube.com/watch?v=6zHWU7zBep0&list=PLQnljOFTspQUybacGRk1b_p13dgI-SmcZ&index=4
8:30 TLS playlist youtube.com/playlist?list=PLQnljOFTspQW4yHuqp_Opv853-G_wAiH-
15:00 HTTP Smuggling https://www.youtube.com/watch?v=PFllH0QccCs
19:22 XSS https://www.youtube.com/watch?v=pD6C1-zSxIM
25:10 OpenSSL Crash https://youtu.be/aDPQ0_MyRnc
Support my work on PayPal
https://bit.ly/33ENps4
Become a Member on YouTube
https://www.youtube.com/channel/UC_ML5xP23TOWKUcc-oAE_Eg/join
Courses I Teach
https://husseinnasser.com/courses