From the course: Practical Secure by Design: Threat Modeling to Build Resilient Products
Insecure implementation: Real examples of default pitfalls
- [Instructor] As we saw in our previous video, we went through the scope for the users API and the checkout API, and understood a little bit about what the APIs do. As we were going through the documents, we also applied a security mindset and already identified a couple of issues that may be exploited. Because this is an insecure implementation, I want to go ahead and use the API documentation that was provided to us by the engineers and potentially test some of these scenarios. Please note that in real life, threat modeling is normally done quite early in the design phase of the PDLC. However, sometimes security teams may not be involved that early in the PDLC, and by the time you start your threat model, you may already have access to the code. When you have access to the code, I highly recommend making use of the code and the test documentation to go ahead and run the application and do a…