SlideShare a Scribd company logo

Defensive Coding Bootcamp

Heather Downing
Heather Downing

The document provides tips on defensive coding best practices to help developers write more secure code. It discusses topics like using secure libraries and frameworks, hashing passwords correctly, validating all user input, practicing least privilege access, and continuously learning about new security threats. The goal is to educate developers on how to think proactively about security throughout the development process.

Software
1 of 40
Download to read offline
Heather Downing @quorralyne Defensive Coding Bootcamp
(A Primer) …what I wished I knew when I started coding, speci fi cally on how to be 
 notashackable 
 more secure @quorralyne
(Roughly) What you get out of this Helpful tips on how to be an incrementally more secure developer Scenario examples to avoid Useful, non-language speci fi c knowledge A quick starting point/checkup before your next project @quorralyne
Yourperceptionshiftswith experienceandtime @quorralyne
@quorralyne
Don’t (always) build it yourself @quorralyne
Plan to rotate your keys @quorralyne
@quorralyne
https://tinyurl.com/CodeCovBreach Mackenzie Jackson, GitGuardian - 21 June 2021 @quorralyne
Be skeptical about the new library on the block @quorralyne
owasp.org/www-project-top-ten @quorralyne
Challenge the status quo @quorralyne
Your stack can obfuscate reality @quorralyne
An Object Relational Mapping framework can = security obfuscation ORM @quorralyne
Know what tests cover security @quorralyne
Secure app != secure data @quorralyne
Don’t assume popular tech is secure by default @quorralyne
There is more than one way to approach auth @quorralyne
Incorrect encoding & serializations are an issue @quorralyne
owasp.org/www-community/How_to_write_insecure_code @quorralyne
owasp.org/www-project-top-ten/2017/A8_2017-Insecure_Deserialization.html @quorralyne
@quorralyne
Don’t use insu ffi cient hashes @quorralyne
(Some examples) Deprecated/Insecure Hashes RC2 MD4 MD5 SHA1 owasp.org/www-project-mobile-top-10/2016-risks/m5-insu ffi cient-cryptography @quorralyne
Just because it’s available doesn’t mean it’s safe to use @quorralyne
Code your wrote, with time, will become insecure @quorralyne
www.nist.gov/cyberframework @quorralyne
Validate everything, every time @quorralyne
String comparisons are red fl ags @quorralyne
Don’t assume the user will follow your use case @quorralyne
You can be lazy and secure @quorralyne
Don’t assume all cultures have the same threat issues @quorralyne
“80% of security is a common body of knowledge.” -Marc Rogers, organizer, DEFCON @quorralyne
Get your head out of the code @quorralyne
Have a trusted person take a look @quorralyne
CORS is code for TODO @quorralyne
Verify that your environment has bare minimum security @quorralyne
Be transparent immediately @quorralyne
What do YOU wish you had known about coding defensively? @quorralyne
Heather Downing Stay Curious. quorralyne.com @quorralyne

Recommended

How to React to JavaScript Insecurity
How to React to JavaScript InsecurityHow to React to JavaScript Insecurity
How to React to JavaScript Insecurity
Ksenia Peguero
 
Neat tricks to bypass CSRF-protection
Neat tricks to bypass CSRF-protectionNeat tricks to bypass CSRF-protection
Neat tricks to bypass CSRF-protection
Mikhail Egorov
 
X-XSS-Nightmare: 1; mode=attack XSS Attacks Exploiting XSS Filter
X-XSS-Nightmare: 1; mode=attack XSS Attacks Exploiting XSS FilterX-XSS-Nightmare: 1; mode=attack XSS Attacks Exploiting XSS Filter
X-XSS-Nightmare: 1; mode=attack XSS Attacks Exploiting XSS Filter
Masato Kinugawa
 
PySpark Best Practices
PySpark Best PracticesPySpark Best Practices
PySpark Best Practices
Cloudera, Inc.
 
Web Cache Deception Attack
Web Cache Deception AttackWeb Cache Deception Attack
Web Cache Deception Attack
Omer Gil
 
File upload vulnerabilities & mitigation
File upload vulnerabilities & mitigationFile upload vulnerabilities & mitigation
File upload vulnerabilities & mitigation
Onwukike Chinedu. CISA, CEH, COBIT5 LI, CCNP
 
なぜ自社で脆弱性診断を行うべきなのか
なぜ自社で脆弱性診断を行うべきなのかなぜ自社で脆弱性診断を行うべきなのか
なぜ自社で脆弱性診断を行うべきなのか
Sen Ueno
 
The OWASP Zed Attack Proxy
The OWASP Zed Attack ProxyThe OWASP Zed Attack Proxy
The OWASP Zed Attack Proxy
Aditya Gupta
 

Recommended

How to React to JavaScript Insecurity
How to React to JavaScript InsecurityHow to React to JavaScript Insecurity
How to React to JavaScript Insecurity
Ksenia Peguero
 
Neat tricks to bypass CSRF-protection
Neat tricks to bypass CSRF-protectionNeat tricks to bypass CSRF-protection
Neat tricks to bypass CSRF-protection
Mikhail Egorov
 
X-XSS-Nightmare: 1; mode=attack XSS Attacks Exploiting XSS Filter
X-XSS-Nightmare: 1; mode=attack XSS Attacks Exploiting XSS FilterX-XSS-Nightmare: 1; mode=attack XSS Attacks Exploiting XSS Filter
X-XSS-Nightmare: 1; mode=attack XSS Attacks Exploiting XSS Filter
Masato Kinugawa
 
PySpark Best Practices
PySpark Best PracticesPySpark Best Practices
PySpark Best Practices
Cloudera, Inc.
 
Web Cache Deception Attack
Web Cache Deception AttackWeb Cache Deception Attack
Web Cache Deception Attack
Omer Gil
 
File upload vulnerabilities & mitigation
File upload vulnerabilities & mitigationFile upload vulnerabilities & mitigation
File upload vulnerabilities & mitigation
Onwukike Chinedu. CISA, CEH, COBIT5 LI, CCNP
 
なぜ自社で脆弱性診断を行うべきなのか
なぜ自社で脆弱性診断を行うべきなのかなぜ自社で脆弱性診断を行うべきなのか
なぜ自社で脆弱性診断を行うべきなのか
Sen Ueno
 
The OWASP Zed Attack Proxy
The OWASP Zed Attack ProxyThe OWASP Zed Attack Proxy
The OWASP Zed Attack Proxy
Aditya Gupta
 
Finding Your Way in Container Security
Finding Your Way in Container SecurityFinding Your Way in Container Security
Finding Your Way in Container Security
Ksenia Peguero
 
Getting Started with Confluent Schema Registry
Getting Started with Confluent Schema RegistryGetting Started with Confluent Schema Registry
Getting Started with Confluent Schema Registry
confluent
 
우린 같은 곳을 바라 보고 있나요?
우린 같은 곳을 바라 보고 있나요?우린 같은 곳을 바라 보고 있나요?
우린 같은 곳을 바라 보고 있나요?
Arawn Park
 
Going Beyond Microsoft IIS Short File Name Disclosure - NahamCon 2023 Edition
Going Beyond Microsoft IIS Short File Name Disclosure - NahamCon 2023 EditionGoing Beyond Microsoft IIS Short File Name Disclosure - NahamCon 2023 Edition
Going Beyond Microsoft IIS Short File Name Disclosure - NahamCon 2023 Edition
Soroush Dalili
 
Avro Tutorial - Records with Schema for Kafka and Hadoop
Avro Tutorial - Records with Schema for Kafka and HadoopAvro Tutorial - Records with Schema for Kafka and Hadoop
Avro Tutorial - Records with Schema for Kafka and Hadoop
Jean-Paul Azar
 
Offzone | Another waf bypass
Offzone | Another waf bypassOffzone | Another waf bypass
Offzone | Another waf bypass
Дмитрий Бумов
 
우아한 모노리스
우아한 모노리스우아한 모노리스
우아한 모노리스
Arawn Park
 
Chaos Engineering with Kubernetes - Berlin / Hamburg Chaos Engineering Meetup...
Chaos Engineering with Kubernetes - Berlin / Hamburg Chaos Engineering Meetup...Chaos Engineering with Kubernetes - Berlin / Hamburg Chaos Engineering Meetup...
Chaos Engineering with Kubernetes - Berlin / Hamburg Chaos Engineering Meetup...
Ana Medina
 
Attacking thru HTTP Host header
Attacking thru HTTP Host headerAttacking thru HTTP Host header
Attacking thru HTTP Host header
Sergey Belov
 
How to build a streaming Lakehouse with Flink, Kafka, and Hudi
How to build a streaming Lakehouse with Flink, Kafka, and HudiHow to build a streaming Lakehouse with Flink, Kafka, and Hudi
How to build a streaming Lakehouse with Flink, Kafka, and Hudi
Flink Forward
 
MW_Arch Fastest_way_to_hunt_on_Windows_v1.01
MW_Arch Fastest_way_to_hunt_on_Windows_v1.01MW_Arch Fastest_way_to_hunt_on_Windows_v1.01
MW_Arch Fastest_way_to_hunt_on_Windows_v1.01
Michael Gough
 
Data Science Across Data Sources with Apache Arrow
Data Science Across Data Sources with Apache ArrowData Science Across Data Sources with Apache Arrow
Data Science Across Data Sources with Apache Arrow
Databricks
 
The Secret Life of a Bug Bounty Hunter – Frans Rosén @ Security Fest 2016
The Secret Life of a Bug Bounty Hunter – Frans Rosén @ Security Fest 2016The Secret Life of a Bug Bounty Hunter – Frans Rosén @ Security Fest 2016
The Secret Life of a Bug Bounty Hunter – Frans Rosén @ Security Fest 2016
Frans Rosén
 
Fantastic Red Team Attacks and How to Find Them
Fantastic Red Team Attacks and How to Find ThemFantastic Red Team Attacks and How to Find Them
Fantastic Red Team Attacks and How to Find Them
Ross Wolf
 
Stream Processing with Apache Kafka and .NET
Stream Processing with Apache Kafka and .NETStream Processing with Apache Kafka and .NET
Stream Processing with Apache Kafka and .NET
confluent
 
Developing High-Impact Malware with Minimal Effort.pptx
Developing High-Impact Malware with Minimal Effort.pptxDeveloping High-Impact Malware with Minimal Effort.pptx
Developing High-Impact Malware with Minimal Effort.pptx
Elvin Gentiles
 
Kanban e Scrum: obtendo o melhor de ambos
Kanban e Scrum: obtendo o melhor de ambosKanban e Scrum: obtendo o melhor de ambos
Kanban e Scrum: obtendo o melhor de ambos
MBA em Marketing Digital e Gestão de Projetos Web
 
An Overview of Deserialization Vulnerabilities in the Java Virtual Machine (J...
An Overview of Deserialization Vulnerabilities in the Java Virtual Machine (J...An Overview of Deserialization Vulnerabilities in the Java Virtual Machine (J...
An Overview of Deserialization Vulnerabilities in the Java Virtual Machine (J...
joaomatosf_
 
PHP Security
PHP SecurityPHP Security
PHP Security
Mindfire Solutions
 
Attacking and defending GraphQL applications: a hands-on approach
Attacking and defending GraphQL applications: a hands-on approach Attacking and defending GraphQL applications: a hands-on approach
Attacking and defending GraphQL applications: a hands-on approach
Davide Cioccia
 
Developing Software with Security in Mind
Developing Software with Security in MindDeveloping Software with Security in Mind
Developing Software with Security in Mind
sblom
 
So You Want to be a Hacker?
So You Want to be a Hacker?So You Want to be a Hacker?
So You Want to be a Hacker?
Christopher Grayson
 

More Related Content

What's hot

Finding Your Way in Container Security
Finding Your Way in Container SecurityFinding Your Way in Container Security
Finding Your Way in Container Security
Ksenia Peguero
 
Getting Started with Confluent Schema Registry
Getting Started with Confluent Schema RegistryGetting Started with Confluent Schema Registry
Getting Started with Confluent Schema Registry
confluent
 
우린 같은 곳을 바라 보고 있나요?
우린 같은 곳을 바라 보고 있나요?우린 같은 곳을 바라 보고 있나요?
우린 같은 곳을 바라 보고 있나요?
Arawn Park
 
Going Beyond Microsoft IIS Short File Name Disclosure - NahamCon 2023 Edition
Going Beyond Microsoft IIS Short File Name Disclosure - NahamCon 2023 EditionGoing Beyond Microsoft IIS Short File Name Disclosure - NahamCon 2023 Edition
Going Beyond Microsoft IIS Short File Name Disclosure - NahamCon 2023 Edition
Soroush Dalili
 
Avro Tutorial - Records with Schema for Kafka and Hadoop
Avro Tutorial - Records with Schema for Kafka and HadoopAvro Tutorial - Records with Schema for Kafka and Hadoop
Avro Tutorial - Records with Schema for Kafka and Hadoop
Jean-Paul Azar
 
Offzone | Another waf bypass
Offzone | Another waf bypassOffzone | Another waf bypass
Offzone | Another waf bypass
Дмитрий Бумов
 
우아한 모노리스
우아한 모노리스우아한 모노리스
우아한 모노리스
Arawn Park
 
Chaos Engineering with Kubernetes - Berlin / Hamburg Chaos Engineering Meetup...
Chaos Engineering with Kubernetes - Berlin / Hamburg Chaos Engineering Meetup...Chaos Engineering with Kubernetes - Berlin / Hamburg Chaos Engineering Meetup...
Chaos Engineering with Kubernetes - Berlin / Hamburg Chaos Engineering Meetup...
Ana Medina
 
Attacking thru HTTP Host header
Attacking thru HTTP Host headerAttacking thru HTTP Host header
Attacking thru HTTP Host header
Sergey Belov
 
How to build a streaming Lakehouse with Flink, Kafka, and Hudi
How to build a streaming Lakehouse with Flink, Kafka, and HudiHow to build a streaming Lakehouse with Flink, Kafka, and Hudi
How to build a streaming Lakehouse with Flink, Kafka, and Hudi
Flink Forward
 
MW_Arch Fastest_way_to_hunt_on_Windows_v1.01
MW_Arch Fastest_way_to_hunt_on_Windows_v1.01MW_Arch Fastest_way_to_hunt_on_Windows_v1.01
MW_Arch Fastest_way_to_hunt_on_Windows_v1.01
Michael Gough
 
Data Science Across Data Sources with Apache Arrow
Data Science Across Data Sources with Apache ArrowData Science Across Data Sources with Apache Arrow
Data Science Across Data Sources with Apache Arrow
Databricks
 
The Secret Life of a Bug Bounty Hunter – Frans Rosén @ Security Fest 2016
The Secret Life of a Bug Bounty Hunter – Frans Rosén @ Security Fest 2016The Secret Life of a Bug Bounty Hunter – Frans Rosén @ Security Fest 2016
The Secret Life of a Bug Bounty Hunter – Frans Rosén @ Security Fest 2016
Frans Rosén
 
Fantastic Red Team Attacks and How to Find Them
Fantastic Red Team Attacks and How to Find ThemFantastic Red Team Attacks and How to Find Them
Fantastic Red Team Attacks and How to Find Them
Ross Wolf
 
Stream Processing with Apache Kafka and .NET
Stream Processing with Apache Kafka and .NETStream Processing with Apache Kafka and .NET
Stream Processing with Apache Kafka and .NET
confluent
 
Developing High-Impact Malware with Minimal Effort.pptx
Developing High-Impact Malware with Minimal Effort.pptxDeveloping High-Impact Malware with Minimal Effort.pptx
Developing High-Impact Malware with Minimal Effort.pptx
Elvin Gentiles
 
Kanban e Scrum: obtendo o melhor de ambos
Kanban e Scrum: obtendo o melhor de ambosKanban e Scrum: obtendo o melhor de ambos
Kanban e Scrum: obtendo o melhor de ambos
MBA em Marketing Digital e Gestão de Projetos Web
 
An Overview of Deserialization Vulnerabilities in the Java Virtual Machine (J...
An Overview of Deserialization Vulnerabilities in the Java Virtual Machine (J...An Overview of Deserialization Vulnerabilities in the Java Virtual Machine (J...
An Overview of Deserialization Vulnerabilities in the Java Virtual Machine (J...
joaomatosf_
 
PHP Security
PHP SecurityPHP Security
PHP Security
Mindfire Solutions
 
Attacking and defending GraphQL applications: a hands-on approach
Attacking and defending GraphQL applications: a hands-on approach Attacking and defending GraphQL applications: a hands-on approach
Attacking and defending GraphQL applications: a hands-on approach
Davide Cioccia
 

What's hot (20)

Finding Your Way in Container Security
Finding Your Way in Container SecurityFinding Your Way in Container Security
Finding Your Way in Container Security
 
Getting Started with Confluent Schema Registry
Getting Started with Confluent Schema RegistryGetting Started with Confluent Schema Registry
Getting Started with Confluent Schema Registry
 
우린 같은 곳을 바라 보고 있나요?
우린 같은 곳을 바라 보고 있나요?우린 같은 곳을 바라 보고 있나요?
우린 같은 곳을 바라 보고 있나요?
 
Going Beyond Microsoft IIS Short File Name Disclosure - NahamCon 2023 Edition
Going Beyond Microsoft IIS Short File Name Disclosure - NahamCon 2023 EditionGoing Beyond Microsoft IIS Short File Name Disclosure - NahamCon 2023 Edition
Going Beyond Microsoft IIS Short File Name Disclosure - NahamCon 2023 Edition
 
Avro Tutorial - Records with Schema for Kafka and Hadoop
Avro Tutorial - Records with Schema for Kafka and HadoopAvro Tutorial - Records with Schema for Kafka and Hadoop
Avro Tutorial - Records with Schema for Kafka and Hadoop
 
Offzone | Another waf bypass
Offzone | Another waf bypassOffzone | Another waf bypass
Offzone | Another waf bypass
 
우아한 모노리스
우아한 모노리스우아한 모노리스
우아한 모노리스
 
Chaos Engineering with Kubernetes - Berlin / Hamburg Chaos Engineering Meetup...
Chaos Engineering with Kubernetes - Berlin / Hamburg Chaos Engineering Meetup...Chaos Engineering with Kubernetes - Berlin / Hamburg Chaos Engineering Meetup...
Chaos Engineering with Kubernetes - Berlin / Hamburg Chaos Engineering Meetup...
 
Attacking thru HTTP Host header
Attacking thru HTTP Host headerAttacking thru HTTP Host header
Attacking thru HTTP Host header
 
How to build a streaming Lakehouse with Flink, Kafka, and Hudi
How to build a streaming Lakehouse with Flink, Kafka, and HudiHow to build a streaming Lakehouse with Flink, Kafka, and Hudi
How to build a streaming Lakehouse with Flink, Kafka, and Hudi
 
MW_Arch Fastest_way_to_hunt_on_Windows_v1.01
MW_Arch Fastest_way_to_hunt_on_Windows_v1.01MW_Arch Fastest_way_to_hunt_on_Windows_v1.01
MW_Arch Fastest_way_to_hunt_on_Windows_v1.01
 
Data Science Across Data Sources with Apache Arrow
Data Science Across Data Sources with Apache ArrowData Science Across Data Sources with Apache Arrow
Data Science Across Data Sources with Apache Arrow
 
The Secret Life of a Bug Bounty Hunter – Frans Rosén @ Security Fest 2016
The Secret Life of a Bug Bounty Hunter – Frans Rosén @ Security Fest 2016The Secret Life of a Bug Bounty Hunter – Frans Rosén @ Security Fest 2016
The Secret Life of a Bug Bounty Hunter – Frans Rosén @ Security Fest 2016
 
Fantastic Red Team Attacks and How to Find Them
Fantastic Red Team Attacks and How to Find ThemFantastic Red Team Attacks and How to Find Them
Fantastic Red Team Attacks and How to Find Them
 
Stream Processing with Apache Kafka and .NET
Stream Processing with Apache Kafka and .NETStream Processing with Apache Kafka and .NET
Stream Processing with Apache Kafka and .NET
 
Developing High-Impact Malware with Minimal Effort.pptx
Developing High-Impact Malware with Minimal Effort.pptxDeveloping High-Impact Malware with Minimal Effort.pptx
Developing High-Impact Malware with Minimal Effort.pptx
 
Kanban e Scrum: obtendo o melhor de ambos
Kanban e Scrum: obtendo o melhor de ambosKanban e Scrum: obtendo o melhor de ambos
Kanban e Scrum: obtendo o melhor de ambos
 
An Overview of Deserialization Vulnerabilities in the Java Virtual Machine (J...
An Overview of Deserialization Vulnerabilities in the Java Virtual Machine (J...An Overview of Deserialization Vulnerabilities in the Java Virtual Machine (J...
An Overview of Deserialization Vulnerabilities in the Java Virtual Machine (J...
 
PHP Security
PHP SecurityPHP Security
PHP Security
 
Attacking and defending GraphQL applications: a hands-on approach
Attacking and defending GraphQL applications: a hands-on approach Attacking and defending GraphQL applications: a hands-on approach
Attacking and defending GraphQL applications: a hands-on approach
 

Similar to Defensive Coding Bootcamp

Developing Software with Security in Mind
Developing Software with Security in MindDeveloping Software with Security in Mind
Developing Software with Security in Mind
sblom
 
So You Want to be a Hacker?
So You Want to be a Hacker?So You Want to be a Hacker?
So You Want to be a Hacker?
Christopher Grayson
 
RSA Conference APJ 2019 DevSecOps Days Security Chaos Engineering
RSA Conference APJ 2019 DevSecOps Days Security Chaos EngineeringRSA Conference APJ 2019 DevSecOps Days Security Chaos Engineering
RSA Conference APJ 2019 DevSecOps Days Security Chaos Engineering
Aaron Rinehart
 
OWASP AppSec Global 2019 Security & Chaos Engineering
OWASP AppSec Global 2019 Security & Chaos EngineeringOWASP AppSec Global 2019 Security & Chaos Engineering
OWASP AppSec Global 2019 Security & Chaos Engineering
Aaron Rinehart
 
Luncheon 2016-07-16 - Topic 2 - Advanced Threat Hunting by Justin Falck
Luncheon 2016-07-16 - Topic 2 - Advanced Threat Hunting by Justin FalckLuncheon 2016-07-16 - Topic 2 - Advanced Threat Hunting by Justin Falck
Luncheon 2016-07-16 - Topic 2 - Advanced Threat Hunting by Justin Falck
North Texas Chapter of the ISSA
 
SFSCON23 - Tommaso Bailetti - Improving developer experience in Open Source P...
SFSCON23 - Tommaso Bailetti - Improving developer experience in Open Source P...SFSCON23 - Tommaso Bailetti - Improving developer experience in Open Source P...
SFSCON23 - Tommaso Bailetti - Improving developer experience in Open Source P...
South Tyrol Free Software Conference
 
Anatomy of Java Vulnerabilities - NLJug 2018
Anatomy of Java Vulnerabilities - NLJug 2018Anatomy of Java Vulnerabilities - NLJug 2018
Anatomy of Java Vulnerabilities - NLJug 2018
Steve Poole
 
DevSecCon Tel Aviv 2018 - Security learns to sprint by Tanya Janca
DevSecCon Tel Aviv 2018 - Security learns to sprint by Tanya JancaDevSecCon Tel Aviv 2018 - Security learns to sprint by Tanya Janca
DevSecCon Tel Aviv 2018 - Security learns to sprint by Tanya Janca
DevSecCon
 
ADDO - Navigating the DevSecOps App-ocalypse 2020
ADDO - Navigating the DevSecOps App-ocalypse 2020 ADDO - Navigating the DevSecOps App-ocalypse 2020
ADDO - Navigating the DevSecOps App-ocalypse 2020
Aaron Rinehart
 
Pivotal APJ Security Chaos Engineering
Pivotal APJ Security Chaos EngineeringPivotal APJ Security Chaos Engineering
Pivotal APJ Security Chaos Engineering
Aaron Rinehart
 
Logs And Backups
Logs And BackupsLogs And Backups
Logs And Backups
Charles Southerland
 
Intro to INFOSEC
Intro to INFOSECIntro to INFOSEC
Intro to INFOSEC
Sean Whalen
 
Add More Security To Your Testing and Automating - Saucecon 2021
Add More Security To Your Testing and Automating - Saucecon 2021Add More Security To Your Testing and Automating - Saucecon 2021
Add More Security To Your Testing and Automating - Saucecon 2021
Alan Richardson
 
All of the Amazing OpenStack Resources
All of the Amazing OpenStack ResourcesAll of the Amazing OpenStack Resources
All of the Amazing OpenStack Resources
Tesora
 
The Anatomy of Java Vulnerabilities
The Anatomy of Java VulnerabilitiesThe Anatomy of Java Vulnerabilities
The Anatomy of Java Vulnerabilities
Steve Poole
 
Daniel Crowley - Speaking with Cryptographic Oracles
Daniel Crowley - Speaking with Cryptographic OraclesDaniel Crowley - Speaking with Cryptographic Oracles
Daniel Crowley - Speaking with Cryptographic Oracles
BaronZor
 
So you wanna be a pentester - free webinar to show you how
So you wanna be a pentester - free webinar to show you howSo you wanna be a pentester - free webinar to show you how
So you wanna be a pentester - free webinar to show you how
Joe McCray
 
ChaoSlingr: Introducing Security-Based Chaos Testing
ChaoSlingr: Introducing Security-Based Chaos TestingChaoSlingr: Introducing Security-Based Chaos Testing
ChaoSlingr: Introducing Security-Based Chaos Testing
Priyanka Aash
 
AllDayDevOps Security Chaos Engineering 2019
AllDayDevOps Security Chaos Engineering 2019 AllDayDevOps Security Chaos Engineering 2019
AllDayDevOps Security Chaos Engineering 2019
Aaron Rinehart
 
The Architecture of Uncertainty
The Architecture of UncertaintyThe Architecture of Uncertainty
The Architecture of Uncertainty
Kevlin Henney
 

Similar to Defensive Coding Bootcamp (20)

Developing Software with Security in Mind
Developing Software with Security in MindDeveloping Software with Security in Mind
Developing Software with Security in Mind
 
So You Want to be a Hacker?
So You Want to be a Hacker?So You Want to be a Hacker?
So You Want to be a Hacker?
 
RSA Conference APJ 2019 DevSecOps Days Security Chaos Engineering
RSA Conference APJ 2019 DevSecOps Days Security Chaos EngineeringRSA Conference APJ 2019 DevSecOps Days Security Chaos Engineering
RSA Conference APJ 2019 DevSecOps Days Security Chaos Engineering
 
OWASP AppSec Global 2019 Security & Chaos Engineering
OWASP AppSec Global 2019 Security & Chaos EngineeringOWASP AppSec Global 2019 Security & Chaos Engineering
OWASP AppSec Global 2019 Security & Chaos Engineering
 
Luncheon 2016-07-16 - Topic 2 - Advanced Threat Hunting by Justin Falck
Luncheon 2016-07-16 - Topic 2 - Advanced Threat Hunting by Justin FalckLuncheon 2016-07-16 - Topic 2 - Advanced Threat Hunting by Justin Falck
Luncheon 2016-07-16 - Topic 2 - Advanced Threat Hunting by Justin Falck
 
SFSCON23 - Tommaso Bailetti - Improving developer experience in Open Source P...
SFSCON23 - Tommaso Bailetti - Improving developer experience in Open Source P...SFSCON23 - Tommaso Bailetti - Improving developer experience in Open Source P...
SFSCON23 - Tommaso Bailetti - Improving developer experience in Open Source P...
 
Anatomy of Java Vulnerabilities - NLJug 2018
Anatomy of Java Vulnerabilities - NLJug 2018Anatomy of Java Vulnerabilities - NLJug 2018
Anatomy of Java Vulnerabilities - NLJug 2018
 
DevSecCon Tel Aviv 2018 - Security learns to sprint by Tanya Janca
DevSecCon Tel Aviv 2018 - Security learns to sprint by Tanya JancaDevSecCon Tel Aviv 2018 - Security learns to sprint by Tanya Janca
DevSecCon Tel Aviv 2018 - Security learns to sprint by Tanya Janca
 
ADDO - Navigating the DevSecOps App-ocalypse 2020
ADDO - Navigating the DevSecOps App-ocalypse 2020 ADDO - Navigating the DevSecOps App-ocalypse 2020
ADDO - Navigating the DevSecOps App-ocalypse 2020
 
Pivotal APJ Security Chaos Engineering
Pivotal APJ Security Chaos EngineeringPivotal APJ Security Chaos Engineering
Pivotal APJ Security Chaos Engineering
 
Logs And Backups
Logs And BackupsLogs And Backups
Logs And Backups
 
Intro to INFOSEC
Intro to INFOSECIntro to INFOSEC
Intro to INFOSEC
 
Add More Security To Your Testing and Automating - Saucecon 2021
Add More Security To Your Testing and Automating - Saucecon 2021Add More Security To Your Testing and Automating - Saucecon 2021
Add More Security To Your Testing and Automating - Saucecon 2021
 
All of the Amazing OpenStack Resources
All of the Amazing OpenStack ResourcesAll of the Amazing OpenStack Resources
All of the Amazing OpenStack Resources
 
The Anatomy of Java Vulnerabilities
The Anatomy of Java VulnerabilitiesThe Anatomy of Java Vulnerabilities
The Anatomy of Java Vulnerabilities
 
Daniel Crowley - Speaking with Cryptographic Oracles
Daniel Crowley - Speaking with Cryptographic OraclesDaniel Crowley - Speaking with Cryptographic Oracles
Daniel Crowley - Speaking with Cryptographic Oracles
 
So you wanna be a pentester - free webinar to show you how
So you wanna be a pentester - free webinar to show you howSo you wanna be a pentester - free webinar to show you how
So you wanna be a pentester - free webinar to show you how
 
ChaoSlingr: Introducing Security-Based Chaos Testing
ChaoSlingr: Introducing Security-Based Chaos TestingChaoSlingr: Introducing Security-Based Chaos Testing
ChaoSlingr: Introducing Security-Based Chaos Testing
 
AllDayDevOps Security Chaos Engineering 2019
AllDayDevOps Security Chaos Engineering 2019 AllDayDevOps Security Chaos Engineering 2019
AllDayDevOps Security Chaos Engineering 2019
 
The Architecture of Uncertainty
The Architecture of UncertaintyThe Architecture of Uncertainty
The Architecture of Uncertainty
 

More from Heather Downing

The Care and Feeding of Software Engineers
The Care and Feeding of Software EngineersThe Care and Feeding of Software Engineers
The Care and Feeding of Software Engineers
Heather Downing
 
The Care and Feeding of Software Engineers
The Care and Feeding of Software EngineersThe Care and Feeding of Software Engineers
The Care and Feeding of Software Engineers
Heather Downing
 
The Visible Developer: Why you shouldn't blend in
The Visible Developer: Why you shouldn't blend inThe Visible Developer: Why you shouldn't blend in
The Visible Developer: Why you shouldn't blend in
Heather Downing
 
Technology is Easy, People are Hard
Technology is Easy, People are HardTechnology is Easy, People are Hard
Technology is Easy, People are Hard
Heather Downing
 
Google vs Alexa: Battle of the Bots
Google vs Alexa: Battle of the BotsGoogle vs Alexa: Battle of the Bots
Google vs Alexa: Battle of the Bots
Heather Downing
 
Speak To Me: Voice Development Practices
Speak To Me: Voice Development PracticesSpeak To Me: Voice Development Practices
Speak To Me: Voice Development Practices
Heather Downing
 
Speak To Me: Developing for brands with voice interfaces
Speak To Me: Developing for brands with voice interfacesSpeak To Me: Developing for brands with voice interfaces
Speak To Me: Developing for brands with voice interfaces
Heather Downing
 
Alexa Skills Kit with Web API on Azure
Alexa Skills Kit with Web API on AzureAlexa Skills Kit with Web API on Azure
Alexa Skills Kit with Web API on Azure
Heather Downing
 
Augmented reality intro for mobile apps
Augmented reality intro for mobile appsAugmented reality intro for mobile apps
Augmented reality intro for mobile apps
Heather Downing
 
Workshop: Building location-aware mobile apps with iBeacons
Workshop: Building location-aware mobile apps with iBeaconsWorkshop: Building location-aware mobile apps with iBeacons
Workshop: Building location-aware mobile apps with iBeacons
Heather Downing
 
Imposter Syndrome: Overcoming Self-Doubt in Success
Imposter Syndrome: Overcoming Self-Doubt in SuccessImposter Syndrome: Overcoming Self-Doubt in Success
Imposter Syndrome: Overcoming Self-Doubt in Success
Heather Downing
 
Building Location Aware Mobile Apps with iBeacons
Building Location Aware Mobile Apps with iBeaconsBuilding Location Aware Mobile Apps with iBeacons
Building Location Aware Mobile Apps with iBeacons
Heather Downing
 
Hitchhicker's Guide to Using Xamarin Forms with RESTful Services
Hitchhicker's Guide to Using Xamarin Forms with RESTful ServicesHitchhicker's Guide to Using Xamarin Forms with RESTful Services
Hitchhicker's Guide to Using Xamarin Forms with RESTful Services
Heather Downing
 
Intro to Building Mobile Apps with Xamarin
Intro to Building Mobile Apps with XamarinIntro to Building Mobile Apps with Xamarin
Intro to Building Mobile Apps with Xamarin
Heather Downing
 
Smaller Not Taller: Defeating the mobile application architecture giant
Smaller Not Taller: Defeating the mobile application architecture giantSmaller Not Taller: Defeating the mobile application architecture giant
Smaller Not Taller: Defeating the mobile application architecture giant
Heather Downing
 
ESKCSW Presentation - Nov 2013
ESKCSW Presentation - Nov 2013ESKCSW Presentation - Nov 2013
ESKCSW Presentation - Nov 2013
Heather Downing
 

More from Heather Downing (16)

The Care and Feeding of Software Engineers
The Care and Feeding of Software EngineersThe Care and Feeding of Software Engineers
The Care and Feeding of Software Engineers
 
The Care and Feeding of Software Engineers
The Care and Feeding of Software EngineersThe Care and Feeding of Software Engineers
The Care and Feeding of Software Engineers
 
The Visible Developer: Why you shouldn't blend in
The Visible Developer: Why you shouldn't blend inThe Visible Developer: Why you shouldn't blend in
The Visible Developer: Why you shouldn't blend in
 
Technology is Easy, People are Hard
Technology is Easy, People are HardTechnology is Easy, People are Hard
Technology is Easy, People are Hard
 
Google vs Alexa: Battle of the Bots
Google vs Alexa: Battle of the BotsGoogle vs Alexa: Battle of the Bots
Google vs Alexa: Battle of the Bots
 
Speak To Me: Voice Development Practices
Speak To Me: Voice Development PracticesSpeak To Me: Voice Development Practices
Speak To Me: Voice Development Practices
 
Speak To Me: Developing for brands with voice interfaces
Speak To Me: Developing for brands with voice interfacesSpeak To Me: Developing for brands with voice interfaces
Speak To Me: Developing for brands with voice interfaces
 
Alexa Skills Kit with Web API on Azure
Alexa Skills Kit with Web API on AzureAlexa Skills Kit with Web API on Azure
Alexa Skills Kit with Web API on Azure
 
Augmented reality intro for mobile apps
Augmented reality intro for mobile appsAugmented reality intro for mobile apps
Augmented reality intro for mobile apps
 
Workshop: Building location-aware mobile apps with iBeacons
Workshop: Building location-aware mobile apps with iBeaconsWorkshop: Building location-aware mobile apps with iBeacons
Workshop: Building location-aware mobile apps with iBeacons
 
Imposter Syndrome: Overcoming Self-Doubt in Success
Imposter Syndrome: Overcoming Self-Doubt in SuccessImposter Syndrome: Overcoming Self-Doubt in Success
Imposter Syndrome: Overcoming Self-Doubt in Success
 
Building Location Aware Mobile Apps with iBeacons
Building Location Aware Mobile Apps with iBeaconsBuilding Location Aware Mobile Apps with iBeacons
Building Location Aware Mobile Apps with iBeacons
 
Hitchhicker's Guide to Using Xamarin Forms with RESTful Services
Hitchhicker's Guide to Using Xamarin Forms with RESTful ServicesHitchhicker's Guide to Using Xamarin Forms with RESTful Services
Hitchhicker's Guide to Using Xamarin Forms with RESTful Services
 
Intro to Building Mobile Apps with Xamarin
Intro to Building Mobile Apps with XamarinIntro to Building Mobile Apps with Xamarin
Intro to Building Mobile Apps with Xamarin
 
Smaller Not Taller: Defeating the mobile application architecture giant
Smaller Not Taller: Defeating the mobile application architecture giantSmaller Not Taller: Defeating the mobile application architecture giant
Smaller Not Taller: Defeating the mobile application architecture giant
 
ESKCSW Presentation - Nov 2013
ESKCSW Presentation - Nov 2013ESKCSW Presentation - Nov 2013
ESKCSW Presentation - Nov 2013
 

Recently uploaded

Lecture 2 - software testing SE 412.pptx
Lecture 2 - software testing SE 412.pptxLecture 2 - software testing SE 412.pptx
Lecture 2 - software testing SE 412.pptx
TaghreedAltamimi
 
Neo4j - Product Vision and Knowledge Graphs - GraphSummit Paris
Neo4j - Product Vision and Knowledge Graphs - GraphSummit ParisNeo4j - Product Vision and Knowledge Graphs - GraphSummit Paris
Neo4j - Product Vision and Knowledge Graphs - GraphSummit Paris
Neo4j
 
What is Master Data Management by PiLog Group
What is Master Data Management by PiLog GroupWhat is Master Data Management by PiLog Group
What is Master Data Management by PiLog Group
aymanquadri279
 
Introducing Crescat - Event Management Software for Venues, Festivals and Eve...
Introducing Crescat - Event Management Software for Venues, Festivals and Eve...Introducing Crescat - Event Management Software for Venues, Festivals and Eve...
Introducing Crescat - Event Management Software for Venues, Festivals and Eve...
Crescat
 
E-commerce Development Services- Hornet Dynamics
E-commerce Development Services- Hornet DynamicsE-commerce Development Services- Hornet Dynamics
E-commerce Development Services- Hornet Dynamics
Hornet Dynamics
 
Unveiling the Advantages of Agile Software Development.pdf
Unveiling the Advantages of Agile Software Development.pdfUnveiling the Advantages of Agile Software Development.pdf
Unveiling the Advantages of Agile Software Development.pdf
brainerhub1
 
Graspan: A Big Data System for Big Code Analysis
Graspan: A Big Data System for Big Code AnalysisGraspan: A Big Data System for Big Code Analysis
Graspan: A Big Data System for Big Code Analysis
Aftab Hussain
 
Energy consumption of Database Management - Florina Jonuzi
Energy consumption of Database Management - Florina JonuziEnergy consumption of Database Management - Florina Jonuzi
Energy consumption of Database Management - Florina Jonuzi
Green Software Development
 
Requirement Traceability in Xen Functional Safety
Requirement Traceability in Xen Functional SafetyRequirement Traceability in Xen Functional Safety
Requirement Traceability in Xen Functional Safety
Ayan Halder
 
Hand Rolled Applicative User Validation Code Kata
Hand Rolled Applicative User Validation Code KataHand Rolled Applicative User Validation Code Kata
Hand Rolled Applicative User Validation Code Kata
Philip Schwarz
 
Artificia Intellicence and XPath Extension Functions
Artificia Intellicence and XPath Extension FunctionsArtificia Intellicence and XPath Extension Functions
Artificia Intellicence and XPath Extension Functions
Octavian Nadolu
 
Webinar On-Demand: Using Flutter for Embedded
Webinar On-Demand: Using Flutter for EmbeddedWebinar On-Demand: Using Flutter for Embedded
Webinar On-Demand: Using Flutter for Embedded
ICS
 
GreenCode-A-VSCode-Plugin--Dario-Jurisic
GreenCode-A-VSCode-Plugin--Dario-JurisicGreenCode-A-VSCode-Plugin--Dario-Jurisic
GreenCode-A-VSCode-Plugin--Dario-Jurisic
Green Software Development
 
Using Xen Hypervisor for Functional Safety
Using Xen Hypervisor for Functional SafetyUsing Xen Hypervisor for Functional Safety
Using Xen Hypervisor for Functional Safety
Ayan Halder
 
SMS API Integration in Saudi Arabia| Best SMS API Service
SMS API Integration in Saudi Arabia| Best SMS API ServiceSMS API Integration in Saudi Arabia| Best SMS API Service
SMS API Integration in Saudi Arabia| Best SMS API Service
Yara Milbes
 
Everything You Need to Know About X-Sign: The eSign Functionality of XfilesPr...
Everything You Need to Know About X-Sign: The eSign Functionality of XfilesPr...Everything You Need to Know About X-Sign: The eSign Functionality of XfilesPr...
Everything You Need to Know About X-Sign: The eSign Functionality of XfilesPr...
XfilesPro
 
原版定制美国纽约州立大学奥尔巴尼分校毕业证学位证书原版一模一样
原版定制美国纽约州立大学奥尔巴尼分校毕业证学位证书原版一模一样原版定制美国纽约州立大学奥尔巴尼分校毕业证学位证书原版一模一样
原版定制美国纽约州立大学奥尔巴尼分校毕业证学位证书原版一模一样
mz5nrf0n
 
openEuler Case Study - The Journey to Supply Chain Security
openEuler Case Study - The Journey to Supply Chain SecurityopenEuler Case Study - The Journey to Supply Chain Security
openEuler Case Study - The Journey to Supply Chain Security
Shane Coughlan
 
A Study of Variable-Role-based Feature Enrichment in Neural Models of Code
A Study of Variable-Role-based Feature Enrichment in Neural Models of CodeA Study of Variable-Role-based Feature Enrichment in Neural Models of Code
A Study of Variable-Role-based Feature Enrichment in Neural Models of Code
Aftab Hussain
 
Need for Speed: Removing speed bumps from your Symfony projects ⚡️
Need for Speed: Removing speed bumps from your Symfony projects ⚡️Need for Speed: Removing speed bumps from your Symfony projects ⚡️
Need for Speed: Removing speed bumps from your Symfony projects ⚡️
Łukasz Chruściel
 

Recently uploaded (20)

Lecture 2 - software testing SE 412.pptx
Lecture 2 - software testing SE 412.pptxLecture 2 - software testing SE 412.pptx
Lecture 2 - software testing SE 412.pptx
 
Neo4j - Product Vision and Knowledge Graphs - GraphSummit Paris
Neo4j - Product Vision and Knowledge Graphs - GraphSummit ParisNeo4j - Product Vision and Knowledge Graphs - GraphSummit Paris
Neo4j - Product Vision and Knowledge Graphs - GraphSummit Paris
 
What is Master Data Management by PiLog Group
What is Master Data Management by PiLog GroupWhat is Master Data Management by PiLog Group
What is Master Data Management by PiLog Group
 
Introducing Crescat - Event Management Software for Venues, Festivals and Eve...
Introducing Crescat - Event Management Software for Venues, Festivals and Eve...Introducing Crescat - Event Management Software for Venues, Festivals and Eve...
Introducing Crescat - Event Management Software for Venues, Festivals and Eve...
 
E-commerce Development Services- Hornet Dynamics
E-commerce Development Services- Hornet DynamicsE-commerce Development Services- Hornet Dynamics
E-commerce Development Services- Hornet Dynamics
 
Unveiling the Advantages of Agile Software Development.pdf
Unveiling the Advantages of Agile Software Development.pdfUnveiling the Advantages of Agile Software Development.pdf
Unveiling the Advantages of Agile Software Development.pdf
 
Graspan: A Big Data System for Big Code Analysis
Graspan: A Big Data System for Big Code AnalysisGraspan: A Big Data System for Big Code Analysis
Graspan: A Big Data System for Big Code Analysis
 
Energy consumption of Database Management - Florina Jonuzi
Energy consumption of Database Management - Florina JonuziEnergy consumption of Database Management - Florina Jonuzi
Energy consumption of Database Management - Florina Jonuzi
 
Requirement Traceability in Xen Functional Safety
Requirement Traceability in Xen Functional SafetyRequirement Traceability in Xen Functional Safety
Requirement Traceability in Xen Functional Safety
 
Hand Rolled Applicative User Validation Code Kata
Hand Rolled Applicative User Validation Code KataHand Rolled Applicative User Validation Code Kata
Hand Rolled Applicative User Validation Code Kata
 
Artificia Intellicence and XPath Extension Functions
Artificia Intellicence and XPath Extension FunctionsArtificia Intellicence and XPath Extension Functions
Artificia Intellicence and XPath Extension Functions
 
Webinar On-Demand: Using Flutter for Embedded
Webinar On-Demand: Using Flutter for EmbeddedWebinar On-Demand: Using Flutter for Embedded
Webinar On-Demand: Using Flutter for Embedded
 
GreenCode-A-VSCode-Plugin--Dario-Jurisic
GreenCode-A-VSCode-Plugin--Dario-JurisicGreenCode-A-VSCode-Plugin--Dario-Jurisic
GreenCode-A-VSCode-Plugin--Dario-Jurisic
 
Using Xen Hypervisor for Functional Safety
Using Xen Hypervisor for Functional SafetyUsing Xen Hypervisor for Functional Safety
Using Xen Hypervisor for Functional Safety
 
SMS API Integration in Saudi Arabia| Best SMS API Service
SMS API Integration in Saudi Arabia| Best SMS API ServiceSMS API Integration in Saudi Arabia| Best SMS API Service
SMS API Integration in Saudi Arabia| Best SMS API Service
 
Everything You Need to Know About X-Sign: The eSign Functionality of XfilesPr...
Everything You Need to Know About X-Sign: The eSign Functionality of XfilesPr...Everything You Need to Know About X-Sign: The eSign Functionality of XfilesPr...
Everything You Need to Know About X-Sign: The eSign Functionality of XfilesPr...
 
原版定制美国纽约州立大学奥尔巴尼分校毕业证学位证书原版一模一样
原版定制美国纽约州立大学奥尔巴尼分校毕业证学位证书原版一模一样原版定制美国纽约州立大学奥尔巴尼分校毕业证学位证书原版一模一样
原版定制美国纽约州立大学奥尔巴尼分校毕业证学位证书原版一模一样
 
openEuler Case Study - The Journey to Supply Chain Security
openEuler Case Study - The Journey to Supply Chain SecurityopenEuler Case Study - The Journey to Supply Chain Security
openEuler Case Study - The Journey to Supply Chain Security
 
A Study of Variable-Role-based Feature Enrichment in Neural Models of Code
A Study of Variable-Role-based Feature Enrichment in Neural Models of CodeA Study of Variable-Role-based Feature Enrichment in Neural Models of Code
A Study of Variable-Role-based Feature Enrichment in Neural Models of Code
 
Need for Speed: Removing speed bumps from your Symfony projects ⚡️
Need for Speed: Removing speed bumps from your Symfony projects ⚡️Need for Speed: Removing speed bumps from your Symfony projects ⚡️
Need for Speed: Removing speed bumps from your Symfony projects ⚡️
 

Defensive Coding Bootcamp