From the course: CISSP Cert Prep (2021): 8 Software Development Security
Unlock the full course today
Join today to access over 22,600 courses taught by industry experts or purchase this course individually.
Authentication/session management issues
From the course: CISSP Cert Prep (2021): 8 Software Development Security
Authentication/session management issues
- [Instructor] Software developers rely upon authentication systems to validate the identities of users and make authorization decisions. We've already talked about a few application authentication concepts, but let's take a look at a couple of issues of specific importance to software developers. First, you should never store user passwords in plaintext form. Storing passwords exposes them to the risk of theft. Instead you should store passwords in hashed and salted form. Hashing a password uses a cryptographic algorithm to transform the password into a value that can't be reversed. This allows for the verification that a password is correct by comparing hash values, but it doesn't allow someone with the hash file to recover the passwords, because the hash function is irreversible. Salting the passwords prior to hashing them adds a random value to the password. This is a control that's necessary to protect…
Contents
-
-
-
-
-
-
Input validation2m 37s
-
(Locked)
Parameterized queries3m
-
(Locked)
Authentication/session management issues1m 49s
-
(Locked)
Output encoding3m 13s
-
(Locked)
Error and exception handling3m
-
(Locked)
Code signing2m 8s
-
(Locked)
Database security3m 53s
-
(Locked)
Data deidentification2m 44s
-
(Locked)
Data obfuscation2m 12s
-
-
-