Solidity for QA, DevSecOps and TPMs Год выпуска: 2024 Производитель: Udemy Сайт производителя: https://www.udemy.com/course/solidity-for-qa-devsecops-and-tpms Автор: Dan Morrill Продолжительность: ~10h52m Тип раздаваемого материала: Видеоурок Язык: Английский Описание: Course DescriptionThis "QA and SecDevOps Best Practices for Developing Hack-Resistant Ethereum Applications" course is designed to equip students with the skills and knowledge to develop secure and robust smart contracts and decentralized applications (DApps) on blockchain platforms like Ethereum. In today's rapidly evolving blockchain landscape, security is paramount, and this course focuses on teaching students how to identify, prevent, and mitigate common vulnerabilities and threats that can jeopardize the integrity and value of blockchain-based systems.This course is focused on QA, DevSecOps, and Technical Project Managers and their roles and knowledge for developing smart contracts on an Ethereum style blockchain. Course Highlights:Solidity Fundamentals: Students will start with a strong foundation in Solidity, the programming language used for Ethereum smart contracts. They will learn how to write and deploy basic contract agreements, understand the Ethereum Virtual Machine (EVM), and explore the intricacies of blockchain development.Security Best Practices: The course will explore security best practices for smart contract development. Topics include access control, input validation, secure data storage, and protection against reentrancy attacks. Students will also examine real-world case studies of smart contract vulnerabilities and breaches.By the end of the "QA and SecDevOps Best Practices for Developing Hack-Resistant Ethereum Applications" course, students will have a deep understanding of Solidity programming, blockchain security principles, and the ability to develop smart contracts and DApps that adhere to industry best practices. Whether students are aspiring blockchain developers, auditors, or security professionals, this course provides the knowledge and skills necessary to securely navigate blockchain technology's exciting and ever-evolving world.
Содержание
05:06 02:19 Book for this course 00:03 Security Modeling 03:26 What is Security Requirements Engineering 05:53 Abuse Case Modeling 06:14 08:29 SQUARE 15:07 12:18 Downloadable Document Templates 00:01 Threat Modeling 08:13 Secure Application Architecture 11:23 13:05 Input Validation 10:19 Input Validation Examples 06:52 Authorization and Authentication 09:31 Contract Proxy 03:49 02:20 Cryptography 11:17 Session Management 10:35 Error Handling 12:19 The Defensive Programming Mindset 10:32 Proof of Work - Consensus Protocols 08:36 Proof of Stake - Consensus Protocols 09:08 Other types of Consensus Protocols 06:27 SAST and DAST 09:44 Static Application Testing 08:57 Manual Code Review 17:04 Dynamic Application Testing 11:11 Automated Security Testing 05:58 04:21 Pre-Deployment Checks 14:06 Using a Test Environment 12:08 Post-Deployment Checks 11:57 Security Levels - Network 11:28 Security Levels - Host 09:07 Security Levels - Web 09:08 Security Levels - Database 10:00 Security Levels - Monitoring and Maintenance 07:02 Security Levels - Audit 09:14 Security Levels - Oracles and 3rd party systems 08:11 How to monitor your contract 08:41 Cost Management 10:53 Wallet Security 08:40 Vault Security 06:38 Vault or Wallet 04:42 Mnemonic Keys 05:44 Mnemonic Reconstruction 15:43 BIP-39 Overview 03:44 Off-Chain Workers 10:06 ERCs 07:47 Blockchain Security Vendors 06:03 Past Attacks 08:27 What is Open Zeppelin 09:47 Open Zeppelin Templates 09:34 Using Open Zeppelin Libraries 07:12 Breaking Changes 03:38 Using live examples from the internet for test ideas 04:34 Bypass Contract Checks 05:24 Rentracy Example 03:02 Check Effects 03:54 Collisions 05:27 Contract Size Check 06:00 Delegate Call 05:53 Denial of Service 05:48 External Calls 05:47 Malicious Code 04:55 Front Running 05:44 Testing Governance Controls 11:38 Testing Governance Wallets 08:42 Finding Hidden Malicious Code 06:44 On Chain Data 10:06 Oracle Manipulation 08:56 Overflow/Underflow 06:42 Private Data via API 11:20 Public Data via API 10:54 Randomness 05:33 Self Destruct 05:13 Signature Replay 04:25 Time 06:03 DevOps 05:50 DevSecOps 06:15 QA process 06:26 Thank you for taking this course 01:05
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum You cannot attach files in this forum You can download files in this forum
![[Quote]](./templates/default/images/lang/en/icon_quote.gif "Reply with quote"){kind=icon}
![[Profile]](./templates/default/images/lang/en/icon_profile.gif "View user's profile"){kind=icon}
![[PM]](./templates/default/images/lang/en/icon_pm.gif "Send private message"){kind=icon}
