
Untitled

a guest, Oct 23rd, 2019
- Top Design Flaws: Introduction
- Top Design Flaws: Defense in Depth
- Top Design Flaws: Separation of Concerns
- Top Design Flaws: Single Responsibility
- Top Design Flaws: Least Knowledge
- Top Design Flaws: Don't Repeat Yourself
- Developer: Business Case
- Developer: Understanding the Attacker
- Developer: The Attack Process
- Trust Nothing
- Developer: Threat Modeling
- SDLC: Introduction
- Waterfall Model
- Agile Development
- DevOps
- SDLC: Conclusion

- Injection
- Broken Authentication
- Session Management
- Sensitive Data Exposure: Insecure Cryptographic Storage
- Sensitive Data Exposure: Insufficient Transport Layer Protection
- XML External Entity (XXE)
- Broken Access Control
- Security Misconfiguration
- Cross-Site Scripting (XSS)
- Insecure Deserialization
- Using Components With Known Vulnerabilities
- Insufficient Logging and Monitoring

- Classic Issues: Introduction
- Memory Inspection
- Buffer Overflow
- Cross Site Request Forgery
- Improper Error Handling
- Unvalidated Redirects and Forwards
  - Captive portals
  - Redirect functions should warn the user and validate the redirect target
  - Used as a building block in complex phishing attacks
  - Unvalidated redirects and forwards

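The note above says redirect functions should validate the target and warn the user. The following is an added example (not from the original notes) of what that validation looks like on the server side: a site-relative path is accepted as-is, an absolute URL is accepted only if its parsed hostname is on an allowlist, and anything else collapses to a fixed default. The allowlist hosts, the default target and the `resolve_redirect` name are assumptions made for this example; the caller is told whether the destination is external so it can show a "you are leaving this site" interstitial.

```python
"""Validate a redirect target before issuing a 302, so that a redirect
endpoint cannot be used to bounce users to an arbitrary third-party site.

Accepted targets: a site-relative path, or an absolute http(s) URL whose
parsed hostname is on an explicit allowlist.  Everything else falls back
to a fixed default.  Returns (url, is_external) so the caller can warn
the user before sending them off-site.
"""
from urllib.parse import urlsplit

# Constructed allowlist for this example; a real application would load
# its permitted redirect hosts from configuration.
ALLOWED_HOSTS = {"app.example.test", "docs.example.test"}
DEFAULT_TARGET = "/"


def resolve_redirect(target, allowed_hosts=ALLOWED_HOSTS, default=DEFAULT_TARGET):
    """Return (url, is_external); unsafe or unknown targets give (default, False)."""
    if not isinstance(target, str) or not target:
        return default, False
    # Whitespace/control characters are a classic way to slip a scheme past
    # a naive prefix check, and browsers treat "\" like "/" in URLs, so
    # refuse both outright instead of trying to normalise them.
    if any(c.isspace() or ord(c) < 0x20 for c in target) or "\\" in target:
        return default, False

    parts = urlsplit(target)

    if parts.scheme == "" and parts.netloc == "":
        # Site-relative path.  Require exactly one leading "/" so that a
        # protocol-relative "//host/..." is never mistaken for a local path.
        if target.startswith("/") and not target.startswith("//"):
            return target, False
        return default, False

    if parts.scheme not in ("http", "https"):
        return default, False

    # Compare the parsed hostname rather than the raw string: urlsplit
    # already strips userinfo and port, so "https://good@other/" resolves
    # to the host "other", not "good".
    host = (parts.hostname or "").lower()
    if host in allowed_hosts:
        return target, True
    return default, False


if __name__ == "__main__":
    for t in ("/account/settings", "https://docs.example.test/guide",
              "//other.test/login", "javascript:alert(1)"):
        print(repr(t), "->", resolve_redirect(t))
```

The design choice worth noting is that the function never tries to "clean up" a bad target; it replaces it with the default. Rewriting user-supplied URLs is where most bypasses of this kind of check come from.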
- Insecure Data Storage
  - SQLite DBs are not secure on a rooted device
  - Don't store usernames and passwords; store a token file instead.

- Unintended Data Leakage
  - Transition screens get stored to the filesystem and can be leaked on iOS
  - Keyboard autocorrect dictionaries capturing answers to security questions
  - Clipboard caches
  - Logging password failure attempts or typos

- Broken Cryptography
- Client-Side Injection
- Reverse Engineering (tools)
  - needle
  - QARK
  - IDA
  - drozer
  - Hopper

## Cross Site Request Forgery

Mitigations: OWASP CSRFGuard, an additional unique token beyond the session token, or reauthentication before a significant state change.
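The "additional unique token beyond the session token" above is the synchronizer-token pattern. The following is an added example, not code from the original notes or from OWASP CSRFGuard, showing the pattern in plain Python with no framework: the token is generated per session from the OS CSPRNG, embedded in every state-changing form, and checked in constant time on submission. The session and form are modelled as plain dicts, and the `_csrf_token` key, `render_form` and `handle_transfer` names are assumptions for this example.

```python
"""Synchronizer-token CSRF protection.

The session cookie alone cannot prove a request was intentional, because
the browser attaches it to cross-site requests automatically.  A second,
per-session secret that only a page served by this site can read, copied
into each form, gives the server something a cross-site request cannot
supply.
"""
import hmac
import secrets

CSRF_KEY = "_csrf_token"   # assumed session key name for this example


def get_csrf_token(session):
    """Return the session's CSRF token, creating one on first use."""
    token = session.get(CSRF_KEY)
    if token is None:
        token = secrets.token_urlsafe(32)   # 256 bits from the OS CSPRNG
        session[CSRF_KEY] = token
    return token


def render_form(session, action):
    """Constructed stand-in for a template: a hidden field carries the token."""
    token = get_csrf_token(session)
    return (f'<form method="post" action="{action}">'
            f'<input type="hidden" name="csrf_token" value="{token}">'
            '<input type="submit" value="Send"></form>')


def verify_csrf(session, form):
    """True only if the submitted form carries the token bound to this session."""
    expected = session.get(CSRF_KEY)
    supplied = form.get("csrf_token")
    if not expected or not isinstance(supplied, str):
        return False
    # Constant-time comparison so a mismatch does not leak how many leading
    # bytes were right; encode to bytes so any str input is accepted.
    return hmac.compare_digest(expected.encode(), supplied.encode())


def handle_transfer(session, form):
    """State-changing handler: authenticate, then require a valid CSRF token."""
    if not session.get("user"):
        return 401, "login required"
    if not verify_csrf(session, form):
        return 403, "csrf token missing or invalid"
    # The real transfer would happen here, on behalf of session["user"].
    return 200, f"transferred {form['amount']} for {session['user']}"


if __name__ == "__main__":
    session = {"user": "alice"}            # constructed logged-in session
    print(render_form(session, "/transfer"))
    ok = {"amount": "10", "csrf_token": session[CSRF_KEY]}
    forged = {"amount": "10"}              # what a cross-site POST can supply
    print(handle_transfer(session, ok))
    print(handle_transfer(session, forged))
```

Two points this makes concrete: the token is bound to the session (a token taken from a different session is rejected), and the check comes after authentication, so an unauthenticated request is answered with 401 rather than revealing whether its token would have matched. The notes' third option, reauthentication, is a separate step a real handler would add before the most sensitive actions.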