Building Software Digital Security belt series course (18): ultimate security guide. Zip
Lecture content: as a very important field, security not only has complicated theoretical support, but also pays great attention to the specific application of practical engineering. In practical applications, our designers, developers, and testers need to pay attention to many scattered places. In this course, we will discuss with you some fragmented security applications, but very common security guidance methods. I believe these methods can be used in your software design, development ,... [Preview] |
Building Software Digital Security belt series (3): protecting confidential data (connecting strings, passwords, and other documents. Zip)
Lecture content: "who protects the confidentiality ?" The biggest challenge in the design and development of security systems is how to save "data that keeps data confidential ". In this course, we will introduce how to manage database connection strings and passwords, secure encryption key management, and secure file data encryption during development. These technologies will include. NET isolated buckets, DPAPI, System .... [Preview] |
Build Software Digital Security belt series course (12): Top Public Enemy --buffer overflow attack .zip
Lecture content: as the oldest and most dangerous attack method, buffer overflow attacks have existed since the birth of computer software. Although in recent years, advanced processors, operating systems, compilers, and hosted high-level language virtual machines have taken various measures to prevent buffer overflow attacks. However, due to the flexibility of the attack method, and because the unmanaged code will continue to exist and run, it will... [Preview] |
Build Software Digital Security belt series course (5): user input verification .zip
Lecture content: For applications, user input is the largest single-source malicious attack. In this course, we will show you how to filter user input to ensure that only the expected data can be entered into the application. We will introduce the validation control, regular expressions, and strong types. Course Lecturer: Fu Zhongkai, a special lecturer on MSDN, specially invited Microsoft development experts and MSDN lecturers, with 12 years of software... [Preview] |
Build Software Digital Security belt series course (1): Build a secure development process. Zip
Lecture content: Before introducing security code technology, we must understand how to view the design, management, development, consolidation, and maintenance of security software from the perspective of the software development lifecycle. in this course, we will discuss how to consider, design and manage the security of software, which is one of the foundations for ensuring the security of our software. Course Lecturer: Fu Zhongkai, a special lecturer on MSDN, specially invited Microsoft development experts and MSDN lecturers,... [Preview] |
Building Software Digital Security belt series (10): Cross-Site Scripting (xss.pdf and other defensive documents. Zip)
Lecture content: cross-site scripting (XSS) attacks are widely used in the Internet as a low implementation threshold and are not easy to be detected by victims. Particularly in this year's OWASP selection, cross-site scripting attacks ranked first among the top 10 Web security vulnerabilities. Therefore, Web developers should pay special attention to this attack method. In this Webcast... [Preview] |
Building Software Digital Security belt series (11): Windows vista中 (uac) .zip)
Lecture content: User Account Control (UAC) as a new security feature of the Windows Vista operating system, it greatly reduces the security issues during running of user processes and the extent to which the operating system is attacked without administrator permissions. At the same time, this feature allows users to decide whether to grant the corresponding permissions to the application when they need applications with higher privileges, thus improving system security. And help the user drop... [Preview] |
Building Software Digital Security belt series course (13): Security and weakness details. Zip
Lecture content: Does encryption ensure our security? Unfortunately, the answer is no. Although encryption can help developers solve specific security problems, achieve data privacy, integrity protection and authentication, encryption cannot solve code errors in our applications. Even when we mistakenly use encryption, we may not be able to guarantee the original security problems. In this course, we will... [Preview] |
Building Software Digital Security belt series course (14): confidential data protection .zip
Lecture content: for our current computer hardware, it is difficult to fully secure storage of sensitive data such as keys, signatures, and passwords. Any user with sufficient permissions or with direct physical access to the computer may steal the confidential data. Although it is difficult to completely protect confidential data, we can increase the intrusion cost by raising the security threshold. In this course, we will provide you... [Preview] |
Building Software Digital Security belt series course (15): license control Privilege Management. Zip
Lecture content: Windows provides multiple methods for user access control permissions. ACL is the most widely used and scalable technology. In fact, ACL is the foundation of Windows NT/2000/XP/2003/Vista in terms of security. It can be used to protect similar resources such as files and registry keys. In some cases, the incorrectly designed ACL will cause serious security issues... [Preview] |
|