Learn essential defensive coding techniques in this 51-minute conference talk from NDC Melbourne 2022. Explore security vulnerabilities and evasive coding maneuvers to enhance software security across all programming languages. Discover the importance of key rotation, library vetting, and challenging the status quo. Examine how stack choices can impact security, the significance of security-focused testing, and the complexities of authentication approaches. Address issues related to encoding, serialization, and string comparisons. Consider cultural differences in threat assessment and the value of external code reviews. Gain insights on CORS implementation, environment security, and other crucial aspects of defensive programming applicable to developers of all skill levels.
Overview
Syllabus
Defensive Coding Bootcamp
Don't (always) build it yourself
Plan to rotate your keys
Be skeptical about the new library on the block
Challenge the status quo
Your stack can obfuscate reality
Know what tests cover security
Secure app!-secure data
There is more than one way to approach auth
Incorrect encoding & serializations are an issue
Code your wrote, with time, will become insecure
String comparisons are red flags
Don't assume the user will follow your use case
Don't assume all cultures have same threat issues
Get your head out of the code
Have a trusted person take a look
CORS is code for TODO
Verify that your environment has bare minimum security
What do YOU wish you had known about coding defensively?
Taught by
NDC Conferences
