Building Software Digital Security belt series courses (video course instructor: Fu Zhongkai)

Building Software Digital Security belt series course (18): ultimate security guide. Zip Lecture content: as a very important field, security not only has complicated theoretical support, but also pays great attention to the specific application of practical engineering. In practical applications, our designers, developers, and testers need to pay attention to many scattered places. In this course, we will discuss with you some fragmented security applications, but very common security guidance methods. I believe these methods can be used in your software design, development ,... [Preview] Building Software Digital Security belt series (3): protecting confidential data (connecting strings, passwords, and other documents. Zip) Lecture content: "who protects the confidentiality ?" The biggest challenge in the design and development of security systems is how to save "data that keeps data confidential ". In this course, we will introduce how to manage database connection strings and passwords, secure encryption key management, and secure file data encryption during development. These technologies will include. NET isolated buckets, DPAPI, System .... [Preview] Build Software Digital Security belt series course (12): Top Public Enemy --buffer overflow attack .zip Lecture content: as the oldest and most dangerous attack method, buffer overflow attacks have existed since the birth of computer software. Although in recent years, advanced processors, operating systems, compilers, and hosted high-level language virtual machines have taken various measures to prevent buffer overflow attacks. However, due to the flexibility of the attack method, and because the unmanaged code will continue to exist and run, it will... [Preview] Build Software Digital Security belt series course (5): user input verification .zip Lecture content: For applications, user input is the largest single-source malicious attack. In this course, we will show you how to filter user input to ensure that only the expected data can be entered into the application. We will introduce the validation control, regular expressions, and strong types. Course Lecturer: Fu Zhongkai, a special lecturer on MSDN, specially invited Microsoft development experts and MSDN lecturers, with 12 years of software... [Preview] Build Software Digital Security belt series course (1): Build a secure development process. Zip Lecture content: Before introducing security code technology, we must understand how to view the design, management, development, consolidation, and maintenance of security software from the perspective of the software development lifecycle. in this course, we will discuss how to consider, design and manage the security of software, which is one of the foundations for ensuring the security of our software. Course Lecturer: Fu Zhongkai, a special lecturer on MSDN, specially invited Microsoft development experts and MSDN lecturers,... [Preview] Building Software Digital Security belt series (10): Cross-Site Scripting (xss.pdf and other defensive documents. Zip) Lecture content: cross-site scripting (XSS) attacks are widely used in the Internet as a low implementation threshold and are not easy to be detected by victims. Particularly in this year's OWASP selection, cross-site scripting attacks ranked first among the top 10 Web security vulnerabilities. Therefore, Web developers should pay special attention to this attack method. In this Webcast... [Preview] Building Software Digital Security belt series (11): Windows vista中 (uac) .zip) Lecture content: User Account Control (UAC) as a new security feature of the Windows Vista operating system, it greatly reduces the security issues during running of user processes and the extent to which the operating system is attacked without administrator permissions. At the same time, this feature allows users to decide whether to grant the corresponding permissions to the application when they need applications with higher privileges, thus improving system security. And help the user drop... [Preview] Building Software Digital Security belt series course (13): Security and weakness details. Zip Lecture content: Does encryption ensure our security? Unfortunately, the answer is no. Although encryption can help developers solve specific security problems, achieve data privacy, integrity protection and authentication, encryption cannot solve code errors in our applications. Even when we mistakenly use encryption, we may not be able to guarantee the original security problems. In this course, we will... [Preview] Building Software Digital Security belt series course (14): confidential data protection .zip Lecture content: for our current computer hardware, it is difficult to fully secure storage of sensitive data such as keys, signatures, and passwords. Any user with sufficient permissions or with direct physical access to the computer may steal the confidential data. Although it is difficult to completely protect confidential data, we can increase the intrusion cost by raising the security threshold. In this course, we will provide you... [Preview] Building Software Digital Security belt series course (15): license control Privilege Management. Zip Lecture content: Windows provides multiple methods for user access control permissions. ACL is the most widely used and scalable technology. In fact, ACL is the foundation of Windows NT/2000/XP/2003/Vista in terms of security. It can be used to protect similar resources such as files and registry keys. In some cases, the incorrectly designed ACL will cause serious security issues... [Preview]

Build Software Digital Security belt series course (16): socketsecurity .zip Lecture content: Socket is the core part of communication using TCP/IP protocol applications. in IPv4, IP and related transmission protocols, such as TCP and UDP, do not consider security threats. in addition, although some threats can be eliminated in IPv6, there are still other problems. in this course, we will introduce how to securely bind, monitor... [Preview] Building Software Digital Security belt series course (17): Answer questions .zip Lecture content: Do not make your security dependent on the Resource Name, especially the file name! But when you see rose, ROSE, Rose or r % 6fse, do you think they represent the same object? If so, and if this is a protected object, when we block access to rose, then ROSE, how should we use Rose, r % 6fse, and more representation methods... [Preview] Building Software Digital Security belt series (19): compiling secure documents and incorrect information. Zip Lecture content: documents and error messages are required for each software product. The prepared documents and error messages help the project personnel understand the project and facilitate the use of the software. Because software engineering is a process of constant negotiation and balancing of various factors, some security problems may be exposed during the trade-offs, documents and error messages can help people understand these trade-offs and problems. In this course... [Preview] Building Software Digital Security belt series course (2): developer security standards and guide. Zip Lecture content: it is very important to realize that developers will encounter various types of security attacks. In this course, we will classify various attack methods, explain how they work and behave, and give specific examples and solutions to them. Then, we will compare the security of fat clients, Web clients, and Web Service applications. Course Lecturer: Fu Zhongkai MSDN Special Lecturer Microsoft specially invited development experts... [Preview] Build Software Digital safety belt series course (20): Security Test .zip Lecture content: security testing is an important part of the entire software development process. In this course, we will introduce the important role of software products in testing from design to final release. At the same time, we will introduce some important security testing methods different from general testing. These methods are highly practical and different from the theoretical knowledge in books. Course INSTRUCTOR: Fu Zhongkai Visual Stud... [Preview] Building Software Digital Security belt series (4): Data Warehouse protection-detailed introduction to SQL Injection Attack .zip Lecture content: SQL injection attacks are a very common attack method. In this course, we will study this topic in depth, introduce the dangers of SQL injection attacks through demonstration, and introduce related technologies to prevent SQL injection attacks. Course Lecturer: Fu Zhongkai, a special lecturer at MSDN, specially invited Microsoft development experts and MSDN lecturers. He has 12 years of software development experience and has been mainly engaged in the department... [Preview] Building Software Digital Security belt series (6): ASP. NET Web servicesecurity introduction. Zip Lecture content: Microsoft ASP. NET Web Service adopts flexible open standards, making Web Service an excellent mechanism to provide services for client and intermediate layer business logic hosts. However, due to standard restrictions and various types of clients, the security of Web services is difficult to guarantee. In this course, we will describe how to develop and apply authorization, authentication and security... [Preview] Build Software Digital safety belt series course (7): Protect your code. Zip Lecture content: "All programs can be reverse engineering. Some may want to use your software freely. Some may want to steal your algorithms or code. Your application may contain other valuable security information, which may attract the attention of attackers. However, no matter what the motives behind security threats are, you must understand how to protect your code. This course will show you how to hide your code... [Preview] Building Software Digital Security belt series (8): WSE 3.0basic security Introduction. Zip Lecture content: In this course, I will introduce you to the basic security features of WSE 3.0. Starting from the preparation file, we will implement message-based security policies in common scenarios, as well as performance optimization during secure communication. In addition, you will also see how to add simple authentication in the Web Service to determine whether the user can call the Web method. Finally, we will learn how to implement custom policies... [Preview] Building Software Digital Security belt series (9): WSE 3.0advanced Security special introduction .zip Lecture content: In this course, I will introduce some advanced security features of WSE 3.0. We will configure these security policies by encoding. In addition, we will show you how to write custom policy assertions to implement application security features such as access control and audit. Course Lecturer: Fu Zhongkai, a special lecturer at MSDN, specially invited Microsoft development experts and MSDN lecturers with 12 years... [Preview]