LESSON 14 SUMMARIZING SECURE APPLICATION CONCEPTS - Coggle Diagram
LESSON 14
SUMMARIZING SECURE APPLICATION CONCEPTS
14A: Analyze Indicators of Application Attacks
Application Attacks
Privilege Escalation
Error Handling
Improper Output Handling
Overflow Vulnerabilities
Buffer Overflow
Integer Overflow
Null Pointer Dereferencing and Race Conditions
Memory Leaks and Resource Exhaustion
DLL Injection and Driver Manipulation
Pass the Hash Attack
14B: Analyze Indicators of Web Application Attacks
URL Analysis
HTTP Methods
Percent Encoding
Application Programming Interface (API) Attacks
Replay Attacks
Session Hijacking and Cross-Site Request Forgery
Cross-Site Request Forgery (CSRF or XSRF)
Clickjacking
SSL Strip
Cross-Site Scripting (XSS)
SQL Injection Attacks
XML and LDAP Injection Attacks
Extensible Markup Language (XML) Injection
Lightweight Directory Access Protocol (LDAP) Injection
Directory Traversal and Command Injection Attacks
Server-Side Request Forgery (SSRF)
14C: Summarize Secure Coding Practices
Secure Coding Techniques
Input Validation
Normalization and Output Encoding
Server-Side vs Client-Side Validation
Web Application Security
Secure Cookies
Response Headers
Data Exposure and Memory Management
Error Handling
Memory Management
Secure Code Usage
Other Secure Coding Practices
Unreachable Code and Dead Code
Obfuscation/Camouflage
Static Code Analysis
Dynamic Code Analysis
14D: Implement Secure Script Environments
Scripting
Python Script Environment
Variables
Functions
Logic and Looping Statements
Modules
Execution
PowerShell Script Environment
Cmdlets and Functions
Logic and Looping Statements
Modules
Execution Control
Allow and Block Lists
Code Signing
OS-Based Execution Control
Malicious Code Indicators
PowerShell Malicious Indicators
Bash and Python Malicious Indicators
Macros and Visual Basic for Applications (VBA)
Man-in-the-Browser Attack
14E: Summarize Deployment and Automation Concepts
Application Development, Deployment, and Automation
Secure Application Development Environments
Development Environments
Quality Assurance (QA)
Provisioning, Deprovisioning, and Version Control
Provisioning
Deprovisioning
Version Control
Automation/Scripting Release Paradigms
Continuous Integration
Continuous Delivery
Continuous Deployment
Continuous Monitoring and Automated Courses of Action
Continuous Validation
Software Diversity