This lesson covers application security.

Objectives and Skills

Objectives and skills for the application security portion of Security+ certification include:^[1]

Explain the importance of application security controls and techniques.

• Fuzzing
• Secure coding concepts
  • Error and exception handling
  • Input validation
• Cross-site scripting prevention
• Cross-site Request Forgery (XSRF) prevention
• Application configuration baseline (proper settings)
• Application hardening
• Application patch management
• NoSQL databases vs. SQL databases
• Server-side vs. Client-side validation

Readings

Multimedia

1. YouTube: Fuzzing - CompTIA Security+ SY0-401: 4.1
2. YouTube: Secure Coding Concepts - CompTIA Security+ SY0-401: 4.1
3. YouTube: Application Configuration Baselining and Hardening - CompTIA Security+ SY0-401: 4.1
4. YouTube: Application Patch Management - CompTIA Security+ SY0-401: 4.1
5. YouTube: SQL and NoSQL Databases - CompTIA Security+ SY0-401: 4.1
6. YouTube: Server-side vs. Client-side Validation - CompTIA Security+ SY0-401: 4.1

Activities

See Also

References