Great Security Is One Question Away

PyCon DE & PyData Berlin 2023

After a decade of writing code, I joined the application security team. During the transition process, I discovered that there are many myths about security, and how difficult it is. Often devs choose to ignore it because they think that writing more secure code would take them ages. It is not true. Security doesn’t have to be scary. From my talk, you will learn the most useful piece of Application Security theory. It will be practical and not boring at all.

There are so many myths about security, and how difficult it is. Often devs choose to ignore it because they think that writing more secure code would take them ages. It is not true. Security doesn’t have to be scary. In my talk, I share 5 tips that can almost immediately make a product more secure.

After a decade of writing code, I joined the application security team. During the transition process, I discovered that there are a few pieces of security theory that would have made my life as a developer much more painless if I had known them before.

- Always validate the input
- Do not commit credentials into your repository
- Use scanners to find vulnerabilities
- Learn CIA triad - Confidentiality, Integrity and Availability can be a useful framework to develop a security mindset. This is a simple yet powerful piece of theory. It can be a base of threat modeling of a whole project but can also work on a level of a single user story.
- When in doubt, ask your security team for help

Speakers: Wiktoria Dalach