From the course: Practical Secure by Design: Threat Modeling to Build Resilient Products
Insecure implementation: Handling failures the wrong way
- [Instructor] Funny enough, this video will give you a good recap of the previous four chapters. If you haven't watched any of the previous four chapters, now is an opportunity to pause and go back and watch them. In the context of secure defaults, if you remember, we tried to access the checkout API and we were able to see the credit card information in plain text. Let me remind you: I'm going to simply call the payments endpoint this time, and as you can see in this scenario, when I call the payments endpoint without any authentication, it gives me the credit card information in plain text. It also gives me other PII. In the context of minimizing attack surface, we talked a little bit about debug mode being enabled and exposed in production. In the context of the principle of least privilege, we noticed how a low-privilege user had access to all the order details because access controls were not implemented. In our…
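The three failure modes the instructor recaps (an unauthenticated payments endpoint that returns the card number and PII, debug detail leaking on errors, and a missing ownership check on order data) can be shown side by side in a few lines. The following is an added example, not code from the course or its demo application; the orders, users, session tokens and the `insecure_payment_details` / `secure_payment_details` handler names are all constructed for illustration.

```python
"""Insecure vs. fail-secure handling of a payments lookup (added example).

The insecure handler mirrors the behaviour described in the video: no
authentication, no ownership check, the full PAN and PII in the response, and
internal detail leaked when the lookup fails. The secure handler denies by
default on every failure path and returns only what the caller needs.
"""
import logging
from dataclasses import dataclass, field

log = logging.getLogger("payments")

# Constructed sample data: orders keyed by id, each owned by exactly one user.
ORDERS = {
    "ord-1001": {"owner": "alice", "pan": "4111111111111111",
                 "email": "alice@example.com", "total": "42.00"},
    "ord-1002": {"owner": "bob", "pan": "5555555555554444",
                 "email": "bob@example.com", "total": "9.99"},
}
# Constructed session store: token -> authenticated user.
SESSIONS = {"tok-alice": "alice", "tok-bob": "bob"}


@dataclass
class Response:
    status: int
    body: dict = field(default_factory=dict)


def insecure_payment_details(order_id, token=None, debug=True):
    """Deliberately insecure: any caller gets PAN + PII, and errors leak state."""
    try:
        order = ORDERS[order_id]
    except KeyError as exc:
        body = {"error": "not found"}
        if debug:  # debug mode left on in production: leaks internal detail
            body["debug"] = f"KeyError: {exc!r}; known orders: {list(ORDERS)}"
        return Response(404, body)
    # No authentication, no authorization, raw card number in plain text.
    return Response(200, {"pan": order["pan"], "email": order["email"],
                          "total": order["total"]})


def mask_pan(pan):
    """Keep only the last four digits of a card number."""
    return "*" * (len(pan) - 4) + pan[-4:]


def secure_payment_details(order_id, token=None):
    """Fail-secure: deny unless authenticated AND the order belongs to the caller."""
    user = SESSIONS.get(token)
    if user is None:
        return Response(401, {"error": "authentication required"})
    order = ORDERS.get(order_id)
    # Unknown and foreign orders get the identical generic response, so the
    # caller cannot tell "does not exist" from "not yours". Detail goes to the
    # server log, never to the client.
    if order is None or order["owner"] != user:
        log.warning("denied order %s for user %s", order_id, user)
        return Response(404, {"error": "not found"})
    # Data minimization: masked PAN, no email or other PII in the payload.
    return Response(200, {"pan_last4": mask_pan(order["pan"]),
                          "total": order["total"]})


if __name__ == "__main__":
    print(insecure_payment_details("ord-1001"))            # full PAN, no auth
    print(insecure_payment_details("ord-9999"))            # leaks order ids
    print(secure_payment_details("ord-1001"))              # 401
    print(secure_payment_details("ord-1001", "tok-bob"))   # 404, not alice's
    print(secure_payment_details("ord-1001", "tok-alice")) # masked PAN only
```

The secure handler keeps its failure branches boring on purpose: the same generic body for "missing" and "not owned", diagnostics routed to the log, and a response shape that never carries the full card number, so a bug elsewhere in the stack cannot turn a lookup into a card-data disclosure.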
Contents
- Scenario: Scope of insecure failure states (1m 19s)
- Insecure implementation: Handling failures the wrong way (1m 34s)
- Threat model: What can go wrong when systems fail (1m 47s)
- Security requirements: Designing fail-secure mechanisms (3m 11s)
- Real-world example: Fail securely in action (2m 1s)
- Ensure your app fails securely (34s)