Identify Project Risks In this lecture we’re going to talk about identifying project risk that we always want to be on the lookout for new risk events. This is from the very start of the project, really all the way into the finish of the project. I mentioned in the last lecture this idea, idea of risk categories. So risk categories are a way of chunking out your project into different buckets of risk events. And this helps us to create what we see in this slide is a risk…

Section Overview In this section on project risk management, we’re going to take a look at many risk management processes that are grouped in planning. So of our 24 processes in planning, a big chunk of these are dedicated to risk management. So we’re going to talk about risk and reward. That not all risk is bad. Want you to watch for the idea of a business risk versus a pure risk in this section. So in our conversation about what is risk, that’s really important. We’ll begin our conversation…

Scripting (OBJ 3.4) Scripting. In this lesson we’re going to talk about scripting because it is so important to be able to automate things. Now, when it comes to automation, one of the best places to use automation is within the cloud. Now, when you use cloud automation this is the completion of cloud related administrative tasks without human intervention. Now essentially this allows us to do lots and lots of things without even being awake or noticing that is happening. We let the computers do it for us. Now,…

REST (OBJ 2.2) Rest. In this lesson, we’re going to talk about Rest, the representational state Transfer. Now, Rest is a software architectural style that defines a set of constraints to be used for creating web application services. When we talk about Rest, you also hear it referred to as Restful APIs. And these are a looser architectural framework than Soap’s tightly specified protocol. Now, if you remember we talked about Soap used XML based messages. Well, Rest has a lot more options. Rest is going to support Http XML…

SOA and Microservices (OBJ 2.2) SOA and microservices. In this lesson we’re going to start talking about the way systems are designed these days by using serviceoriented architecture and microservices. Now, in the old days, the legacy way of doing things, we would build these huge monolithic networks and we’d have to get our routing and our security and our servers. We put all this stuff together to build these huge networks to perform one function. Everything was very tight, they coupled and so when something went wrong we had…

Session Hijacking (OBJ 1.7) Session hijacking. In this lesson we are going to talk all about session hijacking. But before we do, we need to talk about session management because session management is a fundamental security component in our web applications these days. When we talk about session management, this enables web applications to uniquely identify a user across a number of different actions and requests while keeping the state of the data generated by that user and ensuring it’s assigned to that user. Now, when we do session management,…

Secure Coding (OBJ 2.2) Secure coding. In this lesson we are going to talk about some secure coding best practices. And in this lesson we’re going to talk about input validation, output encoding and parametric queries. First, let’s talk about input validation. Now, I know I’ve mentioned how important it is when I talked about XML and SQL and directory traversals and we kept saying input validation was important, but we never really defined it. Well, input validation is any technique that you use to ensure the data entered into…

SQL Injection (OBJ 1.7) SQL injection. In this lesson, we are going to talk about SQL injection. But before we do that, we have to talk a little bit about what SQL is. Now, when you deal with a database, you have to have a way to talk to that database. And the way you get information or write information or update information from that database is by using SQL statements. SQL is the structured query language and it’s used to select, insert, delete, or update data within a database….

Directory Traversal (OBJ 1.7) Directory traversal. In this lesson we’re going to talk about directory traversal attacks and the vulnerabilities associated with them. Now when we talk about a directory traversal attack, this is a type of injection attack and injection attacks occur when the attacker inserts malicious code through an application interface. Now the one we’re going to talk about specifically here and focus on is directory transversal. Now a directory traversal is a type of injection attack and any kind of injection attack really focuses on the ability…

Cloud Threats (OBJ 1.6) Cloud threats. In this lesson, we’re going to talk about some of the cloud threats and vulnerabilities. Because while the cloud has a lot of benefits, especially in terms of cost and operations, there are some vulnerabilities and some significant issues that we have to consider. Now, most of these vulnerabilities are going to happen in terms of identity and access management. So you really need to do a good job in securing that area because that’s your privileges, that’s your authorizations and your authentications. Now,…