Status Updates From Alice and Bob Learn Secure ...

Complete chapter 7, which includes popular frameworks like .NET and Angular, and how to make your app safe. For instance, in Angular, type policies are controlled via the CSP header. In .NET, start by being up-to-date and using hash and encryption algorithms. Try signing serialized objects to ensure their integrity, etc.

Complete js section on chapter 6 , which contains golden tips for security related to js

Complete chapter 5 after completing the security phone and serverless and websocket

Complete part I, which put us in a good foundation , and starting on part II by chapter 5, which starts giving framework tips starting by restful api

Sometimes, regular errors can be potential security risks and can avoid logging and its importance to know what is going on. Cryptography is a math field responsible for changing data shape, and it has two types: one-way and two-way encryption.

Read sections related to files and serialization; it is an awesome part that explores important aspects of file scanning, auditing changes through file management monitoring, and using SAST tools to test binary security. Using a WAF is a good option for extra security, as it enables ASLR security mode on the OS. Do not deserialize objects from unknown sources; try signing serialized ones.

Read the first section of Chapter 3. This section discusses databases and offers multiple recommendations to maintain their security, from a customer perspective to data masking to protect PII, and advice for development teams, such as encrypting sensitive data and avoiding the use of custom algorithms.

Complete chapter 2, which speaking about SSDLC

Chapter one concludes by continuing its tips and principles from CIA triage to defence in depth. Considering that patching is not easy, try to respect compliance and regulations. Using frameworks like OWASP will help protect; test your application as much as possible; and try to identify your threat model and don't use an obscurity as a security layer .

Chapter 1 introduces the importance of security and lists principles like the CIA triad, least privilege, secure defaults, and zero trust. Nothing is trusted—not only humans but also other systems with which we integrate, even systems built within our company.