Appsec | mikePietsch.com

1. The Security Mindset

10. Password Storage Best Practices

11. Security Misconfiguration

12. HTTP Security Headers

13. Vulnerable and Outdated Components

14. XSS: Reflected Cross-Site Scripting

15. XSS: Stored Cross-Site Scripting

16. XSS: DOM-Based Cross-Site Scripting

17. Content Security Policy in Depth

18. CSRF: Cross-Site Request Forgery

19. XML External Entity (XXE) Attacks

2. OWASP Top 10 2021 Overview

20. Server-Side Request Forgery (SSRF)

21. Broken Authentication

22. JWT Security

23. OAuth 2.0 and OIDC Security

24. API Security

25. Secrets Management

26. SAST: Static Application Security Testing

27. DAST: Dynamic Application Security Testing

28. Software Composition Analysis and Supply Chain Security

29. Container Security

3. SQL Injection

30. Kubernetes Security

31. Penetration Testing Basics

32. Secure Code Review Checklist

33. DevSecOps: Shifting Security Left

4. NoSQL Injection

5. Command Injection

6. LDAP, XPath, and Other Injection Types

7. Broken Access Control

8. Implementing Authorization Correctly

9. Cryptographic Failures

— joke —

...