Volume 2: Inside Software: How Real Systems Are Built9/10
  1. 01Software Design 101-110
  2. 02Application Architecture 111-120
  3. 03Web and Mobile Apps 121-130
  4. 04Developer Workflow 131-140
  5. 05Testing and Quality 141-150
  6. 06Distributed Systems 151-160
  7. 07Cloud Platforms 161-170
  8. 08Delivery and Operations 171-180
  9. 09Applied Security 181-190
  10. 10Real-World Systems 191-200

Chapter 09 of 10

Applied Security 181-190

10 lessons54 min readingParts 181-190
  1. 01Least PrivilegeHow much access should a user, application, or service receive?5 min read
  2. 02Defense in DepthWhy use several security controls around the same valuable system?6 min read
  3. 03Zero TrustWhat does never trust, always verify mean in practical architecture?6 min read
  4. 04Secure Software DevelopmentWhere should security fit in the software lifecycle?6 min read
  5. 05Input ValidationWhy must software distrust data even from its own interface?5 min read
  6. 06SQL InjectionHow can user input accidentally become part of a database command?5 min read
  7. 07Cross-Site ScriptingHow can untrusted content become code in another user's browser?5 min read
  8. 08Cross-Site Request ForgeryHow can a malicious page cause a browser to send an unwanted authenticated request?5 min read
  9. 09Security Logging and Audit TrailsWhich records help detect and investigate sensitive activity?5 min read
  10. 10Vulnerability ManagementHow do organizations handle an endless stream of discovered weaknesses?6 min read