Overview
Syllabus
Defensive Coding Bootcamp
Plan to rotate your keys
Be skeptical about the new library on the block
Challenge the status quo
Your stack can obfuscate reality
ORM
Know what tests cover security
Secure app != secure data
There is more than one way to approach auth
Incorrect encoding & serializations are an issue
Validate everything, every time
Don't assume the user will follow your use case
the same threat issues
80% of security is a common body of knowledge.
Get your head out of the code
Have a trusted person take a look
Verify that your environment has bare minimum security
Be transparent immediately
What do YOU wish you had known about coding defensively?
Taught by
NDC Conferences