SlideShare a Scribd company logo

Defensive Coding Bootcamp

Heather Downing, profile picture
Heather Downing

The document provides tips on defensive coding best practices to help developers write more secure code. It discusses topics like using secure libraries and frameworks, hashing passwords correctly, validating all user input, practicing least privilege access, and continuously learning about new security threats. The goal is to educate developers on how to think proactively about security throughout the development process.

Software
1 of 40
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
Heather Downing @quorralyne Defensive Coding Bootcamp
(A Primer) …what I wished I knew when I started coding, speci fi cally on how to be 
 notashackable 
 more secure @quorralyne
(Roughly) What you get out of this Helpful tips on how to be an incrementally more secure developer Scenario examples to avoid Useful, non-language speci fi c knowledge A quick starting point/checkup before your next project @quorralyne
Yourperceptionshiftswith experienceandtime @quorralyne
@quorralyne
Don’t (always) build it yourself @quorralyne
Plan to rotate your keys @quorralyne
@quorralyne
https://tinyurl.com/CodeCovBreach Mackenzie Jackson, GitGuardian - 21 June 2021 @quorralyne
Be skeptical about the new library on the block @quorralyne
owasp.org/www-project-top-ten @quorralyne
Challenge the status quo @quorralyne
Your stack can obfuscate reality @quorralyne
An Object Relational Mapping framework can = security obfuscation ORM @quorralyne
Know what tests cover security @quorralyne
Secure app != secure data @quorralyne
Don’t assume popular tech is secure by default @quorralyne
There is more than one way to approach auth @quorralyne
Incorrect encoding & serializations are an issue @quorralyne
owasp.org/www-community/How_to_write_insecure_code @quorralyne
owasp.org/www-project-top-ten/2017/A8_2017-Insecure_Deserialization.html @quorralyne
@quorralyne
Don’t use insu ffi cient hashes @quorralyne
(Some examples) Deprecated/Insecure Hashes RC2 MD4 MD5 SHA1 owasp.org/www-project-mobile-top-10/2016-risks/m5-insu ffi cient-cryptography @quorralyne
Just because it’s available doesn’t mean it’s safe to use @quorralyne
Code your wrote, with time, will become insecure @quorralyne
www.nist.gov/cyberframework @quorralyne
Validate everything, every time @quorralyne
String comparisons are red fl ags @quorralyne
Don’t assume the user will follow your use case @quorralyne
You can be lazy and secure @quorralyne
Don’t assume all cultures have the same threat issues @quorralyne
“80% of security is a common body of knowledge.” -Marc Rogers, organizer, DEFCON @quorralyne
Get your head out of the code @quorralyne
Have a trusted person take a look @quorralyne
CORS is code for TODO @quorralyne
Verify that your environment has bare minimum security @quorralyne
Be transparent immediately @quorralyne
What do YOU wish you had known about coding defensively? @quorralyne
Heather Downing Stay Curious. quorralyne.com @quorralyne

More Related Content

PDF
Automotive OTA Security For The Connected Vehicle (ASRG Secure Our Streets 2022)
Benny Meisels
 
PDF
Open shift 4 infra deep dive
Winton Winton
 
PPTX
Azure Pipelines
Mithun Shanbhag
 
PPTX
Secure SDLC Framework
Rishi Kant
 
PPTX
Code Security with GitHub Advanced Security
Luis Fraile
 
PDF
Developing a Testing Strategy for DevOps Success
DevOps.com
 
PDF
CI CD Pipeline Using Jenkins | Continuous Integration and Deployment | DevOps...
Edureka!
 
PPTX
Overview of .Net Framework 4.5
Bhushan Mulmule
 
Automotive OTA Security For The Connected Vehicle (ASRG Secure Our Streets 2022)
Benny Meisels
 
Open shift 4 infra deep dive
Winton Winton
 
Azure Pipelines
Mithun Shanbhag
 
Secure SDLC Framework
Rishi Kant
 
Code Security with GitHub Advanced Security
Luis Fraile
 
Developing a Testing Strategy for DevOps Success
DevOps.com
 
CI CD Pipeline Using Jenkins | Continuous Integration and Deployment | DevOps...
Edureka!
 
Overview of .Net Framework 4.5
Bhushan Mulmule
 

What's hot (20)

PDF
Jenkins Pipeline Tutorial | Continuous Delivery Pipeline Using Jenkins | DevO...
Edureka!
 
PDF
Advanced GitHub Enterprise Administration
Lars Schneider
 
PPTX
IBM API Connect Deployment `Good Practices - IBM Think 2018
Chris Phillips
 
PPTX
SystemVerilog Assertion.pptx
Nothing!
 
PPTX
Qa in CI/CD
Adsmurai
 
ODP
Using Asterisk and Kamailio for Reliable, Scalable and Secure Communication S...
Fred Posner
 
PDF
What Can Compilers Do for Us?
National Cheng Kung University
 
PDF
Terraforming your Infrastructure on GCP
Samuel Chow
 
PPTX
SonarQube Presentation.pptx
Satwik Bhupathi Raju
 
PPTX
TestComplete – A Sophisticated Automated Testing Tool by SmartBear
Software Testing Solution
 
PPTX
Azure DevOps - Version Controlling with Git
Eng Teong Cheah
 
PPTX
Bare Metal Cluster with Kubernetes, Istio and Metallb | Nguyen Phuong An, Ngu...
Vietnam Open Infrastructure User Group
 
PDF
OpenShift Overview
roundman
 
PDF
1 intro to_dpdk_and_hw
videos
 
PDF
Docker Tutorial.pdf
MuhammadYusuf767705
 
PPTX
The Test Pyramid
Thiago Ghisi
 
PDF
Low Code Capabilities of Digital Product Design Platforms
JohnMcGuigan10
 
PPTX
Hashicorp Vault ppt
Shrey Agarwal
 
PDF
Exploiting IAM in the google cloud platform - dani_goland_mohsan_farid
CloudVillage
 
PDF
DevSecOps What Why and How
NotSoSecure Global Services
 
Jenkins Pipeline Tutorial | Continuous Delivery Pipeline Using Jenkins | DevO...
Edureka!
 
Advanced GitHub Enterprise Administration
Lars Schneider
 
IBM API Connect Deployment `Good Practices - IBM Think 2018
Chris Phillips
 
SystemVerilog Assertion.pptx
Nothing!
 
Qa in CI/CD
Adsmurai
 
Using Asterisk and Kamailio for Reliable, Scalable and Secure Communication S...
Fred Posner
 
What Can Compilers Do for Us?
National Cheng Kung University
 
Terraforming your Infrastructure on GCP
Samuel Chow
 
SonarQube Presentation.pptx
Satwik Bhupathi Raju
 
TestComplete – A Sophisticated Automated Testing Tool by SmartBear
Software Testing Solution
 
Azure DevOps - Version Controlling with Git
Eng Teong Cheah
 
Bare Metal Cluster with Kubernetes, Istio and Metallb | Nguyen Phuong An, Ngu...
Vietnam Open Infrastructure User Group
 
OpenShift Overview
roundman
 
1 intro to_dpdk_and_hw
videos
 
Docker Tutorial.pdf
MuhammadYusuf767705
 
The Test Pyramid
Thiago Ghisi
 
Low Code Capabilities of Digital Product Design Platforms
JohnMcGuigan10
 
Hashicorp Vault ppt
Shrey Agarwal
 
Exploiting IAM in the google cloud platform - dani_goland_mohsan_farid
CloudVillage
 
DevSecOps What Why and How
NotSoSecure Global Services
 
Ad

Similar to Defensive Coding Bootcamp (20)

PPT
Developing Software with Security in Mind
sblom
 
PPTX
So You Want to be a Hacker?
Christopher Grayson
 
PDF
Luncheon 2016-07-16 - Topic 2 - Advanced Threat Hunting by Justin Falck
North Texas Chapter of the ISSA
 
PDF
SFSCON23 - Tommaso Bailetti - Improving developer experience in Open Source P...
South Tyrol Free Software Conference
 
PPTX
Anatomy of Java Vulnerabilities - NLJug 2018
Steve Poole
 
PPTX
DevSecCon Tel Aviv 2018 - Security learns to sprint by Tanya Janca
DevSecCon
 
ODP
Logs And Backups
Charles Southerland
 
PPTX
Intro to INFOSEC
Sean Whalen
 
PDF
Add More Security To Your Testing and Automating - Saucecon 2021
Alan Richardson
 
PDF
All of the Amazing OpenStack Resources
Tesora
 
PPTX
The Anatomy of Java Vulnerabilities
Steve Poole
 
PPTX
Daniel Crowley - Speaking with Cryptographic Oracles
BaronZor
 
PPTX
So you wanna be a pentester - free webinar to show you how
Joe McCray
 
PDF
ChaoSlingr: Introducing Security-Based Chaos Testing
Priyanka Aash
 
PDF
The Architecture of Uncertainty
Kevlin Henney
 
PPTX
Learn to Code and Have Fun Doing It!
St. Petersburg College
 
PPTX
Cyber Security Workshop Presentation.pptx
YashSomalkar
 
PDF
From Data Science to Production - deploy, scale, enjoy! / PyData Amsterdam - ...
Sergii Khomenko
 
PDF
Splunk September 2023 User Group PDX.pdf
Amanda Richardson
 
PDF
101 ways to fail at security analytics ... and how not to do that - BSidesLV ...
Jon Hawes
 
Developing Software with Security in Mind
sblom
 
So You Want to be a Hacker?
Christopher Grayson
 
Luncheon 2016-07-16 - Topic 2 - Advanced Threat Hunting by Justin Falck
North Texas Chapter of the ISSA
 
SFSCON23 - Tommaso Bailetti - Improving developer experience in Open Source P...
South Tyrol Free Software Conference
 
Anatomy of Java Vulnerabilities - NLJug 2018
Steve Poole
 
DevSecCon Tel Aviv 2018 - Security learns to sprint by Tanya Janca
DevSecCon
 
Logs And Backups
Charles Southerland
 
Intro to INFOSEC
Sean Whalen
 
Add More Security To Your Testing and Automating - Saucecon 2021
Alan Richardson
 
All of the Amazing OpenStack Resources
Tesora
 
The Anatomy of Java Vulnerabilities
Steve Poole
 
Daniel Crowley - Speaking with Cryptographic Oracles
BaronZor
 
So you wanna be a pentester - free webinar to show you how
Joe McCray
 
ChaoSlingr: Introducing Security-Based Chaos Testing
Priyanka Aash
 
The Architecture of Uncertainty
Kevlin Henney
 
Learn to Code and Have Fun Doing It!
St. Petersburg College
 
Cyber Security Workshop Presentation.pptx
YashSomalkar
 
From Data Science to Production - deploy, scale, enjoy! / PyData Amsterdam - ...
Sergii Khomenko
 
Splunk September 2023 User Group PDX.pdf
Amanda Richardson
 
101 ways to fail at security analytics ... and how not to do that - BSidesLV ...
Jon Hawes
 
Ad

More from Heather Downing (16)

PDF
The Care and Feeding of Software Engineers
Heather Downing
 
PDF
The Care and Feeding of Software Engineers
Heather Downing
 
PDF
The Visible Developer: Why you shouldn't blend in
Heather Downing
 
PDF
Technology is Easy, People are Hard
Heather Downing
 
PDF
Google vs Alexa: Battle of the Bots
Heather Downing
 
PDF
Speak To Me: Voice Development Practices
Heather Downing
 
PDF
Speak To Me: Developing for brands with voice interfaces
Heather Downing
 
PDF
Alexa Skills Kit with Web API on Azure
Heather Downing
 
PDF
Augmented reality intro for mobile apps
Heather Downing
 
PDF
Workshop: Building location-aware mobile apps with iBeacons
Heather Downing
 
PDF
Imposter Syndrome: Overcoming Self-Doubt in Success
Heather Downing
 
PDF
Building Location Aware Mobile Apps with iBeacons
Heather Downing
 
PPTX
Hitchhicker's Guide to Using Xamarin Forms with RESTful Services
Heather Downing
 
PPTX
Intro to Building Mobile Apps with Xamarin
Heather Downing
 
PDF
Smaller Not Taller: Defeating the mobile application architecture giant
Heather Downing
 
PPTX
ESKCSW Presentation - Nov 2013
Heather Downing
 
The Care and Feeding of Software Engineers
Heather Downing
 
The Care and Feeding of Software Engineers
Heather Downing
 
The Visible Developer: Why you shouldn't blend in
Heather Downing
 
Technology is Easy, People are Hard
Heather Downing
 
Google vs Alexa: Battle of the Bots
Heather Downing
 
Speak To Me: Voice Development Practices
Heather Downing
 
Speak To Me: Developing for brands with voice interfaces
Heather Downing
 
Alexa Skills Kit with Web API on Azure
Heather Downing
 
Augmented reality intro for mobile apps
Heather Downing
 
Workshop: Building location-aware mobile apps with iBeacons
Heather Downing
 
Imposter Syndrome: Overcoming Self-Doubt in Success
Heather Downing
 
Building Location Aware Mobile Apps with iBeacons
Heather Downing
 
Hitchhicker's Guide to Using Xamarin Forms with RESTful Services
Heather Downing
 
Intro to Building Mobile Apps with Xamarin
Heather Downing
 
Smaller Not Taller: Defeating the mobile application architecture giant
Heather Downing
 
ESKCSW Presentation - Nov 2013
Heather Downing
 

Recently uploaded (20)

PPTX
Computer Software and OS of computer science of grade 11.pptx
GauravDahal9
 
PPTX
assetexplorer- product-overview - presentation
nonameist3434
 
PPTX
Embracing Complexity in Serverless! GOTO Serverless Bengaluru
SheenBrisals
 
PPTX
Agentic AI : A Practical Guide. Undersating, Implementing and Scaling Autono...
IT IDOL Technologies
 
PDF
Design an Analysis of Algorithms I-SECS-1021-03
DilanEscobar1
 
PDF
System and Network Administraation Chapter 3
jaramharo
 
PPTX
Lecture 3: Operating Systems Introduction to Computer Hardware Systems
hci7se
 
PDF
Nekopoi APK 2025 free lastest update
umarali35kp
 
PDF
Design an Analysis of Algorithms II-SECS-1021-03
DilanEscobar1
 
PPTX
Transform Your Business with a Software ERP System
Canada Software Company
 
PDF
Understanding Forklifts - TECH EHS Solution
TECH EHS Solution
 
PPTX
Introduction to Artificial Intelligence
lohedi9363
 
PPTX
VVF-Customer-Presentation2025-Ver1.9.pptx
blackmambaettijean
 
PPTX
CHAPTER 2 - PM Management and IT Context
KevinPutra14
 
PDF
How to Migrate SBCGlobal Email to Yahoo Easily
raymondjones7273
 
PDF
medical staffing services at VALiNTRY
Tiyan Grayson
 
PDF
SAP S4 Hana Brochure 3 (PTS SYSTEMS AND SOLUTIONS)
pts464036
 
PDF
System and Network Administration Chapter 2
jaramharo
 
PDF
Claude Code: Everyone is a 10x Developer - A Comprehensive AI-Powered CLI Tool
William Chong
 
PDF
Adobe Illustrator 28.6 Crack My Vision of Vector Design
ghrom2211g
 
Computer Software and OS of computer science of grade 11.pptx
GauravDahal9
 
assetexplorer- product-overview - presentation
nonameist3434
 
Embracing Complexity in Serverless! GOTO Serverless Bengaluru
SheenBrisals
 
Agentic AI : A Practical Guide. Undersating, Implementing and Scaling Autono...
IT IDOL Technologies
 
Design an Analysis of Algorithms I-SECS-1021-03
DilanEscobar1
 
System and Network Administraation Chapter 3
jaramharo
 
Lecture 3: Operating Systems Introduction to Computer Hardware Systems
hci7se
 
Nekopoi APK 2025 free lastest update
umarali35kp
 
Design an Analysis of Algorithms II-SECS-1021-03
DilanEscobar1
 
Transform Your Business with a Software ERP System
Canada Software Company
 
Understanding Forklifts - TECH EHS Solution
TECH EHS Solution
 
Introduction to Artificial Intelligence
lohedi9363
 
VVF-Customer-Presentation2025-Ver1.9.pptx
blackmambaettijean
 
CHAPTER 2 - PM Management and IT Context
KevinPutra14
 
How to Migrate SBCGlobal Email to Yahoo Easily
raymondjones7273
 
medical staffing services at VALiNTRY
Tiyan Grayson
 
SAP S4 Hana Brochure 3 (PTS SYSTEMS AND SOLUTIONS)
pts464036
 
System and Network Administration Chapter 2
jaramharo
 
Claude Code: Everyone is a 10x Developer - A Comprehensive AI-Powered CLI Tool
William Chong
 
Adobe Illustrator 28.6 Crack My Vision of Vector Design
ghrom2211g
 

Defensive Coding Bootcamp