The document discusses secure software development lifecycles and application security. It notes that security is often not considered during traditional SDLC processes and advocates threat modeling and source code analysis as the way to integrate it. It also discusses the differences between black-box and white-box testing approaches, and between analyzing an application at the source code level and at the object code level.
9. Root Cause of Vulnerabilities (CSI Security Survey, vulnerability distribution chart): programming errors 64%; misconfiguration and other problems 36%.
12. Enterprise Level Bugs (diagram): input (A-Z characters, special characters, integer/number) reaches a decision point backed by an exception handler, which leads either to the expected state or to a vulnerable state and potential exploitation.
38. Entry Point Review: QueryString; POST name and value pairs; XML/JSON etc.; HTTP variables (Cookie etc.); file attachments, uploads etc.; feeds and third-party information; open APIs and integrated streams; HTTP response variables; JSON/XML streams; API streams.
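The entry point review above starts from an inventory of every input a request carries. The following is an added example (not from the slides) that parses a raw HTTP request and lists its entry points by source: query string, cookies, selected headers, and the POST body by content type. The sample request is constructed for the example.

```python
from urllib.parse import parse_qsl
from http.cookies import SimpleCookie
import json

# Constructed sample request (not from the original deck).
SAMPLE_REQUEST = (
    b"POST /search?q=test&page=2 HTTP/1.1\r\n"
    b"Host: example.test\r\n"
    b"Cookie: session=abc123; theme=dark\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 21\r\n"
    b"\r\n"
    b"name=alice&comment=hi"
)

# Headers an application commonly reads; extend for the app under review.
REVIEWED_HEADERS = ("host", "user-agent", "referer", "x-forwarded-for")

def enumerate_entry_points(raw: bytes) -> list[tuple[str, str, str]]:
    """Return (source, name, value) for each attacker-controlled input in a request."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    _method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    found = []
    _, _, qs = target.partition("?")
    for k, v in parse_qsl(qs, keep_blank_values=True):
        found.append(("querystring", k, v))
    jar = SimpleCookie()
    jar.load(headers.get("cookie", ""))
    for k, morsel in jar.items():
        found.append(("cookie", k, morsel.value))
    for h in REVIEWED_HEADERS:
        if h in headers:
            found.append(("header", h, headers[h]))
    ctype = headers.get("content-type", "")
    if body and ctype.startswith("application/x-www-form-urlencoded"):
        for k, v in parse_qsl(body.decode("latin-1"), keep_blank_values=True):
            found.append(("post", k, v))
    elif body and ctype.startswith("application/json"):
        data = json.loads(body)
        items = data.items() if isinstance(data, dict) else [("<root>", data)]
        for k, v in items:
            found.append(("json", k, json.dumps(v)))
    elif body:  # uploads, XML and anything else: record the body as one entry point
        found.append(("body", ctype or "unknown", f"{len(body)} bytes"))
    return found
```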