Learn essential defensive coding techniques to enhance software security in this conference talk from NDC London 2023. Explore common security vulnerabilities and evasive coding strategies applicable to developers of all skill levels and programming languages. Discover the importance of skepticism towards new libraries, challenging the status quo, and understanding the limitations of popular technologies. Gain insights into proper authentication approaches, encoding and serialization issues, and the significance of sufficient hashing techniques. Examine the risks of outdated code, string comparisons, and assumptions about user behavior. Acquire practical tips for maintaining security while balancing efficiency, collaborating with trusted individuals, and ensuring minimum security standards in development environments.
Overview
Syllabus
Intro
Don't (always) build it yourself
Be skeptical about the new library on the block
Challenge the status quo
Your stack can obfuscate reality
Know what tests cover security
Don't assume popular tech is secure by default
There is more than one way to approach auth
Incorrect encoding & serializations are an issue
Don't use insufficient hashes
Code your wrote, with time, will become insecure
String comparisons are red flags
Don't assume the user will follow your use case
You can be lazy and secure
Get your head out of the code
Have a trusted person take a look
Verify that your environment has bare minimum security
What do YOU wish you had known about coding defensively?
Taught by
NDC Conferences
