Understand Application Security and Attack Mitigation Best Practices

---

Goals

• Explore Secure Software Development Life Cycle concepts.
• Learn about authentication attacks and protections.
• Review overflow attack types.
• Explore injection attacks.
• Learn about mitigations for many different classes of attacks.

Explore Secure Software Development Practices

• Secure Software Development Life Cycle (SSDLC)
• OWASP Web Security Testing Guide (WSTG)
• Authentication Attack Types and Best Practices
  • On-Path Attack
  • Online Password Attack
  • Password Spraying
  • Credential Stuffing
  • Authentication Best Practices
    • Broken Authentication
    • OWASP Cheat Sheet for Authentication
• Secure Coding Best Practices
  • Input Validation
  • Output Encoding
  • Parameterized Queries
  • Data Protection
  • Secure Session Management Practices

Controls to Mitigate Successful Application Attacks

• Overflow Attack Types and Vulnerabilities
  • Buffer Overflow
  • Heartbleed
  • Heap Overflow
  • Integer Overflow
  • Stack Overflow
  • Address Space Layout Randomization (ASLR)
• SQL Injection and XML Attacks and Vulnerabilities
  • SQL Injection
  • Prompt Injection
  • Insecure Direct Object Reference (IDOR)
  • XML Attacks
• Web Application Attacks
  • Directory Traversal
  • Cross-Site Scripting (XSS)
    • Reflected XSS
    • Persistent XSS
  • File Inclusion
• Session Hijacking Attack Types
  • Session Management
  • Cookies and Sessions
  • Session Hijacking
  • Session Prediction Attack
  • Cross-Site Request Forgery (CSRF)
  • Cookie Poisoning
• Application Vulnerabilities and Mitigations
  • Broken Access Control
  • Server-Side Request Forgery (SSRF)
  • Data Poisoning

Implement Controls To Prevent Attacks

• Application Attack Mitigation Checklist