This module is designed to introduce you to academic concepts in security. By the end of this module, you should be able to understand that security is fundamentally risk management. You will also have developed a vocabulary to talk about different kinds of security threats.
- Lecture 1: Introduction
- Lecture 2: Why Security is Hard
- Lecture 3: Security as Risk Management
- Lecture 4: Aspects of Security
- On Security Awareness Training (Bruce Schneier)
- Keren Elazari: Hackers: the Internet's immune system
- In "The security mirage", Bruce Schneier talks about our implicit biases that distort our view of security. What are your biases?
- Which methods of managing risk apply most to your role at Redox? See lecture 3 for a list.
- Of confidentiality, integrity, and availability, which is the most important at Redox? See lecture 4 for one possible answer.
We make a web app. There are very specific and immediate vulnerabilities each developer needs to understand well and defend against.
Move slowly through these and finish the hacksplaining exercises on your own terms. This is a marathon, not a sprint!
- Injection
- Broken Authentication and Session Management
- Cross-Site Scripting (XSS)
- Insecure Direct Object References
- Security Misconfiguration
- Sensitive Data Exposure
- Missing Function Level Access Control
- Cross-Site Request Forgery (CSRF)
- Using Components with Known Vulnerabilities
- Unvalidated Redirects and Forwards
- Complete the free exercises at hacksplaining
- Identify parts of the Redox application that mitigate each of the OWASP top 10
Redox is a highly networked application. All of that information needs to be secured in transit and at rest. Cryptography is what lets us do that.
The final project will be a presentation to the team on a recent security topic of interest to you.
Here are some resources for cutting-edge topics: