Security Talk Series: Fixing Application Security Issues the Right Way
What is security? It's about protecting assets: tangible assets, such as a webpage or customer database, and less tangible assets, such as a company's reputation. A threat is a potential event that can adversely affect an asset, whereas a successful attack exploits vulnerabilities (weaknesses) in applications. The top Web application attacks are carried out through cross-site scripting, SQL injection, XML injection, canonicalization issues, data tampering, file upload, denial of service, elevation of privileges, cleartext secrets, weak cryptography, and so on. This podcast talks about why vulnerabilities exist in applications and how to find and fix them correctly on the first attempt.