Play AppSec WarGames
Want to skill-up in secure coding and AppSec? Try SecDim Wargames to learn how to find, hack and fix security vulnerabilities inspired by real-world incidents.
Addressing security vulnerabilities can be approached in various ways, each with its own strengths and initial time investment. In my latest video, I tackle a basic security vulnerability: reflected XSS. First, I demonstrate how to exploit it, and then I show three approaches to fix it: secure by patching (spot patching), secure by design, and secure by default.
It’s worth noting that “secure by design” and “secure by default” don’t have rigid definitions and are used in various security contexts. My goal here is to highlight the differences between these methods in the realm of secure coding.
Try out the same exercise I used in the video here: XSS.py.
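To make the contrast concrete, here is an added example that is not taken from the video or from the SecDim exercise: one possible reading of the three approaches applied to a greeting handler that reflects a request parameter. All function and class names are hypothetical, and the payload is a constructed test string.

```python
import html

def greet_vulnerable(name: str) -> str:
    # Reflected XSS: request input is concatenated into HTML unchanged.
    return "<h1>Hello " + name + "</h1>"

# 1. Secure by patching: encode at the one sink that was reported.
#    Every other sink in the code base still has to be found and patched.
def greet_patched(name: str) -> str:
    return "<h1>Hello " + html.escape(name) + "</h1>"

# 2. Secure by design: markup is its own type, and a response can only be
#    built from that type, so a raw str cannot reach the browser by accident.
class Markup(str):
    """A string that is already safe to emit as HTML."""
    @classmethod
    def text(cls, untrusted: str) -> "Markup":
        return cls(html.escape(untrusted))

def respond(body: Markup) -> str:
    if not isinstance(body, Markup):
        raise TypeError("response body must be Markup, not a raw str")
    return str(body)

def greet_by_design(name: str) -> str:
    return respond(Markup("<h1>Hello " + Markup.text(name) + "</h1>"))

# 3. Secure by default: the rendering helper escapes every value unless the
#    caller explicitly opts out by passing Markup. Forgetting is the safe path.
def render(template: str, **values) -> str:
    safe = {k: v if isinstance(v, Markup) else html.escape(str(v))
            for k, v in values.items()}
    return template.format(**safe)

def greet_by_default(name: str) -> str:
    return render("<h1>Hello {name}</h1>", name=name)

if __name__ == "__main__":
    payload = "<script>alert(1)</script>"  # constructed test input
    for fn in (greet_vulnerable, greet_patched, greet_by_design, greet_by_default):
        print(f"{fn.__name__:18} {fn(payload)}")
```

The three fixed handlers produce identical output; what differs is where the encoding decision lives and how much a developer has to remember to stay safe.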