Index
Expand All Collapse All

• - OWASP Top 10
• 1. Broken Access Control
• 2. Cryptographic Failures
• 3. Injection
• 4. Insecure Design
• - Secure Code Review
• Factors to Consider
• Integrating Into SSDLC
• When to Code Review
• How to Conduct
• - Vulnerabilities
• - 1. SQL injection
• Improper Implementation
• Mitigation
• Code Review
• - 3. Content Security Policy (CSP)
• Mitigation
• - 4. Input Validation
• Mitigation
• - 5. Deserialization (Java)
• Mitigation
• - 6. Authentication
• - Attacks
• Password Based
• Mitigation
• - 7. Buffer Overflow
• Mitigation
• - 8. Man in The Middle
• Mitigation
• - 9. DDOS
• Mitigation
• - 10. Click Jacking
• Mitigation
• - 11. Cross Site Request Forgery CSRF
• Mitigation
• - 12. Insecure Direct Object Reference
• Mitigation
• - Networking
• - OSI Model
• Layer 7 - Application Layer
• Layer 6 - Presentation Layer
• Layer 5 - Session Layer
• Layer 4 - Transport Layer
• Layer 3 - Network Layer
• Layer 2 - Data Link Layer
• Layer 1- Physical Layer
• Cryptography, Authentication, Identity
• - Attack Frameworks
• Kill Chain
• MITRE ATT&CK Framework
• Diamond Model of Intrusion Analysis
• - Threat Modeling
• - Risk Categorization
• STRIDE
• PASTA
• - Threat Ranking
• DREAD
• - Detection
• SAST
• DAST
• SCA
• Incident Management
• - SSDLC
• Defining Security Requirements
• Sources