This document is a study help deck for a security specialization that covers various topics related to authentication, authorization, roles, permissions, configurations, providers, flows, best practices, vulnerabilities, and sample questions. It was created by Fábio Godinho of OutSystems and contains explanations and descriptions of key security concepts.

1. SECURITY SPECIALIZATION
STUDY HELP DECK

2. Mandatory: name, username and pass
Authentication vs. Authorization
2
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©

3. 3
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©
Authentication vs. Authorization

4. 4
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©
Roles

5. 5
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©
IT Users

6. 6
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©
IT Users

7. 7
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©
IT Users

8. User Permissions
Fábio Godinho | OutSystems © Security Specialization | Study Help Deck 8

9. Security configurations
9
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©

10. Security configurations
10
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©

11. Security configurations
11
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©

12. Security configurations
12
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©

13. Security configurations
13
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©

14. CSP - Content Security Policy
14
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©

15. CSP - Content Security Policy
15
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©

16. CSP - Content Security Policy
16
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©

17. Cookies
17
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©

18. Applications Authentication
18
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©

19. Secure Session Cookies
19
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©

20. Secure Session Cookies
20
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©

21. Authentication validations
21
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©

22. Change the authentication provider
22
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©

23. Change the Authentication plugin
23
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©

24. Identity providers
24
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©

25. Identity providers
25
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©

26. Set multiple authentication providers
https://www.outsystems.com/blog/posts/multiple-authentication-providers/
26
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©

27. SSL and Session Cookies
27
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©

28. Security settings
28
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©

29. Administrator accounts
29
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©

30. Admin of the Users app
30
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©

31. https://success.outsystems.com/documentation/11/managing_the_applications_lifecycle/manage_technical_debt/code_analysis_patterns/#security
31
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©
Code analysis patterns

32. View state
32
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©

33. Precautions
33
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©

34. Precautions
34
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©

35. Precautions
35
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©

36. HSTS
36
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©

37. HTTPS
37
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©

38. HSTS & HTTPS
38
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©

39. Precautions
39
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©

40. SQL, HTML & Javascript Injection
40
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©

41. Precautions
41
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©

42. Internal User vs. External User
42
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©

43. Providers & Authentication flow
If Active Directory OR LDAP:
- Login screen is the same BUT credentials are validated on
AD / LDAP server
- user is autom/ created in OS DB on the 1st successful
login without storing any password data
- first tries to authenticate user locally if exists in OS DB and
has a pasword defined!
If Integrated Windows Authentication:
- if user in same domain of the windows platform server,
authentication is against windows domain credentials
through browser and skips default login screen
43
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©

44. Authentication flow
44
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©

45. Authentication flow & User roles
45
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©

46. Multi tenant
46
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©

47. Persistency in Roles
47
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©

48. Backoff for End Users
48
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©

49. Backoff for IT Users
49
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©

50. Envelope encryption
50
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©

51. CIA Security triangle
51
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©
NO

52. OWASP TOP
52
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©

53. Cross Site Scripting - XSS
53
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©

54. Session fixation attacks
54
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©

55. PII and Sensitive Information
55
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©

56. XML parsing
56
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©

57. Authentication vs. Authorization
57
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©

58. Insecure configurations
58
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©

59. Deserialization
59
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©

60. Vulnerability management
60
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©

61. Logging
61
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©

62. Key Store plugin & Man In The Middle Attack
62
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©

63. Precautions
63
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©

64. AppShield for MABS
64
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©

65. Zero-Day Vulnerability
65
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©

66. Sample questions
66
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©

67. Sample questions
67
Security Specialization | Study Help Deck
Fábio Godinho | OutSystems ©

68. THANK YOU
in/fabiogod​
outsystems/profile