Application Security
1. Introduction to Application Security
2. Foundational Security Principles
3. Secure Software Development Lifecycle
4. Secure Design and Architecture
5. Secure Coding Practices
6. Language-Specific Security Considerations
7. Third-Party Component Security
8. Secrets Management
9. Security Testing Methodologies
10. Common Vulnerability Categories
11. Secure Deployment and Operations
12. Vulnerability Management and Incident Response
13. Specialized Application Security Domains
14. Application Security Program Management
Secrets Management
  Secrets Identification
    Types of Secrets
      API Keys
      Database Credentials
      Encryption Keys
      Certificates
    Secret Discovery
      Code Scanning
      Configuration Review
      Environment Analysis
  Secure Secret Storage
    Avoiding Hardcoded Secrets
      Code Repository Risks
      Configuration File Risks
      Environment Variable Considerations
    Secret Management Systems
      Centralized Secret Stores
      Distributed Secret Management
      Cloud-Based Solutions
  Secret Lifecycle Management
    Secret Generation
      Entropy Requirements
      Format Considerations
      Uniqueness Requirements
    Secret Distribution
      Secure Delivery Methods
      Access Control
      Audit Trails
    Secret Rotation
      Rotation Policies
      Automated Rotation
      Zero-Downtime Rotation
    Secret Revocation
      Emergency Revocation
      Planned Revocation
      Impact Assessment