Explore practical applications of security principles in software development through a conference talk from the 37th Chaos Communication Congress (37C3). Delve into how security concepts like Least Privilege, TCB Minimization, and Self Sandboxing can be implemented in a real-world CRUD web application. Learn about the intentional introduction of dangerous attack surfaces and the concept of append-only data storage. Discover the potential security gains achievable through architectural decisions, challenging the traditional approach of retrofitting security onto existing structures. Gain insights into balancing security limitations with software engineering flexibility, and understand how proper architectural choices can provide peace of mind even when dealing with potentially vulnerable code or configurations.
Overview
Syllabus
37C3 - Writing secure software
Taught by
media.ccc.de
Related Courses
-
Building Secure Software Systems Using Security Patterns
-
10 Principles for Secure by Design: Baking Security into Your Systems
-
IEEE Computer Society's Center for Secure Design - Helping Design More Secure Software
-
Fix the Damned Software - Improving Application Security Design
-
Preventing Security Bugs through Software Design
-
Software Security Initiative Capabilities - Where to Begin
