1. SECURITY SPECIALIZATION
STUDY HELP DECK

2. Mandatory: name, username and pass
Authentication vs. Authorization
2
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©

3. 3
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©
Authentication vs. Authorization

4. 4
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©
Roles

5. 5
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©
IT Users

6. 6
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©
IT Users

7. 7
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©
IT Users

8. User Permissions
Fábio Godinho | OutSystems © Security Specialization | Study Help Deck 8

9. Security configurations
9
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©

10. Security configurations
10
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©

11. Security configurations
11
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©

12. Security configurations
12
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©

13. Security configurations
13
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©

14. CSP - Content Security Policy
14
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©

15. CSP - Content Security Policy
15
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©

16. CSP - Content Security Policy
16
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©

17. Cookies
17
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©

18. Applications Authentication
18
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©

19. Secure Session Cookies
19
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©

20. Secure Session Cookies
20
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©

21. Authentication validations
21
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©

22. Change the authentication provider
22
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©

23. Change the Authentication plugin
23
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©

24. Identity providers
24
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©

25. Identity providers
25
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©

26. Set multiple authentication providers
https://www.outsystems.com/blog/posts/multiple-authentication-providers/
26
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©

27. SSL and Session Cookies
27
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©

28. Security settings
28
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©

29. Administrator accounts
29
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©

30. Admin of the Users app
30
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©

31. https://success.outsystems.com/documentation/11/managing_the_applications_lifecycle/manage_technical_debt/code_analysis_patterns/#security
31
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©
Code analysis patterns

32. View state
32
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©

33. Precautions
33
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©

34. Precautions
34
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©

35. Precautions
35
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©

36. HSTS
36
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©

37. HTTPS
37
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©

38. HSTS & HTTPS
38
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©

39. Precautions
39
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©

40. SQL, HTML & Javascript Injection
40
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©

41. Precautions
41
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©

42. Internal User vs. External User
42
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©

43. Providers & Authentication flow
If Active Directory OR LDAP:
- Login screen is the same BUT credentials are validated on
AD / LDAP server
- user is autom/ created in OS DB on the 1st successful
login without storing any password data
- first tries to authenticate user locally if exists in OS DB and
has a pasword defined!
If Integrated Windows Authentication:
- if user in same domain of the windows platform server,
authentication is against windows domain credentials
through browser and skips default login screen
43
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©

44. Authentication flow
44
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©

45. Authentication flow & User roles
45
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©

46. Multi tenant
46
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©

47. Persistency in Roles
47
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©

48. Backoff for End Users
48
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©

49. Backoff for IT Users
49
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©

50. Envelope encryption
50
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©

51. CIA Security triangle
51
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©
NO

52. OWASP TOP
52
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©

53. Cross Site Scripting - XSS
53
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©

54. Session fixation attacks
54
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©

55. PII and Sensitive Information
55
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©

56. XML parsing
56
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©

57. Authentication vs. Authorization
57
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©

58. Insecure configurations
58
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©

59. Deserialization
59
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©

60. Vulnerability management
60
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©

61. Logging
61
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©

62. Key Store plugin & Man In The Middle Attack
62
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©

63. Precautions
63
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©

64. AppShield for MABS
64
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©

65. Zero-Day Vulnerability
65
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©

66. Sample questions
66
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©

67. Sample questions
67
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©

68. THANK YOU
in/fabiogod​
outsystems/profile