From the course: CompTIA CySA+ (CS0-002) Cert Prep: 4 Software and Systems Security
Authentication and session management issues
- [Instructor] Software developers rely upon authentication systems to validate the identities of users and make authorization decisions. I've already covered authentication systems in great depth in the CySA+ identity and access management course, but let's look at three specific issues of particular importance to software developers. First, you should never store user passwords in plaintext form. Storing passwords without encryption exposes them to the risk of theft. Instead, you should store passwords in hashed and salted form. Hashing a password uses a cryptographic algorithm to transform the password into a value that can't be reversed. This allows for the verification that a password is correct by comparing hash values, but does not allow someone with the hashed file to recover the passwords because the hash function is irreversible. Salting passwords prior to hashing them adds a random value to the password.…
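The hashed-and-salted storage described in the transcript, as an added example that is not part of the course material: each user gets a fresh random salt, only the salt and the derived hash are stored, and verification recomputes the hash and compares it in constant time. The choice of PBKDF2-HMAC-SHA256, the iteration count, the record layout and the function names are assumptions; the transcript names no algorithm.

```python
import hashlib
import hmac
import secrets
from typing import Optional

ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256
SALT_BYTES = 16       # assumed salt length


def hash_password(password: str, salt: Optional[bytes] = None) -> dict:
    """Return the record to store: salt, iteration count and derived hash."""
    if salt is None:
        salt = secrets.token_bytes(SALT_BYTES)  # fresh random salt per user
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    # The plaintext password is never written to the record.
    return {"salt": salt.hex(), "iterations": ITERATIONS, "hash": digest.hex()}


def verify_password(password: str, record: dict) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256",
        password.encode("utf-8"),
        bytes.fromhex(record["salt"]),
        record["iterations"],
    )
    return hmac.compare_digest(candidate, bytes.fromhex(record["hash"]))


def unsalted_sha256(password: str) -> str:
    """Weak form for comparison: every user with this password gets this hash."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


if __name__ == "__main__":
    # Constructed sample data: two users who chose the same password.
    shared = "correct horse battery staple"
    alice = hash_password(shared)
    bob = hash_password(shared)
    print("salted records differ:  ", alice["hash"] != bob["hash"])
    print("unsalted hash (same for both users):", unsalted_sha256(shared)[:16], "...")
    print("right password verifies:", verify_password(shared, alice))
    print("wrong password verifies:", verify_password("Tr0ub4dor&3", alice))
```

Because the salt differs per user, two accounts with the same password produce different stored hashes, so one precomputed lookup table cannot be reused across the whole password file.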