Application Security
1. Introduction to Application Security
2. Foundational Security Principles
3. Secure Software Development Lifecycle
4. Secure Design and Architecture
5. Secure Coding Practices
6. Language-Specific Security Considerations
7. Third-Party Component Security
8. Secrets Management
9. Security Testing Methodologies
10. Common Vulnerability Categories
11. Secure Deployment and Operations
12. Vulnerability Management and Incident Response
13. Specialized Application Security Domains
14. Application Security Program Management
Secure Design and Architecture
  Security Requirements Engineering
    Functional Security Requirements
      Authentication Requirements
      Authorization Requirements
      Data Protection Requirements
      Audit and Logging Requirements
    Non-Functional Security Requirements
      Performance Security Trade-offs
      Scalability Security Considerations
      Compliance Requirements
      Privacy Requirements
  Threat Modeling Methodologies
    STRIDE Methodology
      Spoofing Identity
      Tampering with Data
      Repudiation
      Information Disclosure
      Denial of Service
      Elevation of Privilege
    DREAD Assessment
      Damage Potential
      Reproducibility
      Exploitability
      Affected Users
      Discoverability
    PASTA Framework
      Process Overview
      Attack Simulation
      Threat Analysis Steps
    VAST Approach
      Visual Modeling
      Agile Integration
      Scalable Threat Modeling
  Threat Modeling Process
    Application Decomposition
      Data Flow Diagrams
      Trust Boundaries
      Entry and Exit Points
      Data Stores
    Threat Identification
      Threat Enumeration
      Attack Trees
      Misuse Cases
    Risk Assessment
      Likelihood Determination
      Impact Analysis
      Risk Scoring
    Countermeasure Selection
      Mitigation Strategies
      Risk Acceptance
      Risk Transfer
  Secure Architecture Patterns
    Authentication Patterns
      Single Sign-On
      Multi-Factor Authentication
      Federated Identity
    Authorization Patterns
      Role-Based Access Control
      Attribute-Based Access Control
      Policy-Based Access Control
    Session Management Patterns
      Stateless Sessions
      Secure Session Storage
      Session Lifecycle Management
    Data Protection Patterns
      Encryption at Rest
      Encryption in Transit
      Key Management Patterns
    Input Handling Patterns
      Input Validation
      Output Encoding
      Parameterized Queries