Monday, October 31, 2016

Releasing Application Security Fundamentals - secure coding learning resources under CC BY-ND 4.0 for everyone to use

Back in April 2016, we released the OWASP Web App Top 10 (2013) slide packs, and in September 2016 the OWASP Mobile Top 10 (2014). Today, we are making the Application Security Fundamentals slide packs available:


  • Least Privileges
  • Secure by Default
  • Defense in Depth
  • Robust Error Checking
  • Trust No Input
  • Open Design
  • Fail Securely
  • Simplicity / Reuse
  • Logging
  • Data Protection / Privacy

You can find all the slides at the following locations:

We have opted to create very concise, short modules for each topic, so everyone can decide for themselves whether to use them in a classroom setting and cover several modules, or to use them in an online environment and give developers bite-size things to learn. Each slide pack covers:
  1. Summary slide of the topic
  2. One or more practical scenarios to better understand the vulnerability concept and root cause
  3. Examples of potential impact
  4. Recommendations on how to avoid writing these vulnerabilities
Here is a sample module on Data Protection & Privacy








At Secure Code Warrior, we want to help not only students and professionals in Australia but also in the rest of the world and we are doing that today by providing teaching material on Secure Coding under "Creative Commons - Attribution-NoDerivatives 4.0 International". This comes down to:
  • Sharing — everyone can copy and redistribute the material in any medium or format for any purpose, even commercially.