Explore practical applications of security principles in software development through a conference talk from the 37th Chaos Communication Congress (37C3). Delve into how security concepts like Least Privilege, TCB Minimization, and Self Sandboxing can be implemented in a real-world CRUD web application. Learn about the intentional introduction of dangerous attack surfaces and the concept of append-only data storage. Discover the potential security gains achievable through architectural decisions, challenging the traditional approach of retrofitting security onto existing structures. Gain insights into balancing security limitations with software engineering flexibility, and understand how proper architectural choices can provide peace of mind even when dealing with potentially vulnerable code or configurations.
Syllabus
37C3 - Writing secure software
Taught by
media.ccc.de