Disclosure: when you buy through links on our site, we may earn an affiliate commission.

How to Avoid Writing Insecure Code

Best ways to prevent coding mistakes that hackers abuse
4.2
4.2/5
(21 reviews)
111 students
Created by

8.2

CourseMarks Score®

7.6

Freshness

8.5

Feedback

7.9

Content

Platform: Udemy
Video: 6h 16m
Language: English
Next start: On Demand

Table of contents

Description

This training is about writing secure software. We chose to deliver secure coding practices using a perspective where widespread coding security mistakes are classified into understandable chunks. We hope that this will make more sense and be more helpful to hardcore developers and analysts.
Security should be an intrinsic part of any software production methodology and its implementation. However, development is a complex process and it is extremely hard to keep a software secure as it ages. There are numerous security tools, methodologies and knowledge to produce a secure software. However, still vast number of applications include critical security bugs. Most of these bugs stem from bad coding patterns that we call software security anti-patterns or in simpler term, mistakes.
An anti-pattern is a common response to a recurring problem that is usually ineffective or worse carry risks. In simpler words, anti-patterns are commonly reinvented bad solutions to problems.
For example, one of the famous anti-patterns in software development is Spaghetti Code. In early phases of being a developer, we are usually not familiar with the importance of modularity or find little time to design first. So, we tend produce extremely complicated, hard to understand unstructured software. This way of coding produces Spaghetti Code but the end product application still may run and serve in production. However, it is extremely hard to adapt to new changes. Because since the code is not modular or structured, it is hard to add new features. Moreover, any change in the code effects other flows in an unpredictable manner. The maintenance is also crippled. Since the code’s complicated form will make the life of new developers’ difficult when they are adjusting.
Similarly, there are bad design or coding choices that repeatedly lead to security bugs. It is important to be aware of these software security anti-patterns in order not to fall prey to hackers. The course will contain eight different core mistakes. Some are more prevalent than the others, however, all of them produce deadly results. In each lesson, we will first try to explain what the specific anti-pattern is all about. Then, we will move on giving one or more demos on what can go wrong when that mistake is made. At the end of each lesson, we will look at different sound and widely acknowledged solutions against insecure design or coding choices.

You will learn

✓ The recurring security pitfalls that developers fall into
✓ Manageable and practical root causes of many famous software weaknesses
✓ Ability to map security bugs to specific coding patterns in your software
✓ Reflexive security questions you should ask during coding
✓ Familiarity with famous security bugs; XXE, Session Puzzling, Mass Assignment, XSS, Directory Traversal, IDOR and more
✓ Secure and insecure ways of validating the input

Requirements

• Intermediate knowledge of coding
• Basic understanding of writing HTTP-based applications
• No to little knowledge of security bugs

This course is for

• Software developers
• Software analysts
Software Security Enthusiast
Bedirhan Urgun has been working in the field of software security for over 15 years. Both being a security enthusiast and developer, he has extensively worked in governmental and private sectors. While software security trainings and static code analysis form the foundation of his career, he has also taken responsibilities in the fields of vulnerability management and penetration tests.
His face-to-face hands-on training portfolio comprises of; web/mobile application penetration testing, web services security and mainly writing secure code trainings. To this day, he had the chance of delivering purely technical, demo packed .NET and JAVA secure software development trainings to over 1500 developers.
He lives in İstanbul and owns a boutique software security company called SourceFlake.
Browse all courses by on Coursemarks.
Platform: Udemy
Video: 6h 16m
Language: English
Next start: On Demand

Students are also interested in