Overview
Syllabus
Intro
Don't (always) build it yourself
Be skeptical about the new library on the block
Challenge the status quo
Your stack can obfuscate reality
Know what tests cover security
Don't assume popular tech is secure by default
There is more than one way to approach auth
Incorrect encoding & serializations are an issue
Don't use insufficient hashes
Code you wrote, with time, will become insecure
String comparisons are red flags
Don't assume the user will follow your use case
You can be lazy and secure
Get your head out of the code
Have a trusted person take a look
Verify that your environment has bare minimum security
What do YOU wish you had known about coding defensively?
Taught by
NDC Conferences