Anna Oliveira

Security Blindspots and How to Learn About Them - Anna Oliveira

Automated security tools aren't enough. Learn to spot vulnerabilities yourself with this interactive terminal game for developers.

Security Blindspots and How to Learn About Them - Anna Oliveira
#1about 3 minutes

Creating a terminal game to learn secure coding practices

The project Blindspot was inspired by Rustlings to create a gamified, open-source terminal experience for practicing vulnerability identification in code.

#2about 4 minutes

Gameplay mechanics of the Blindspot security game

Blindspot presents code snippets in the terminal with multiple-choice options to identify vulnerabilities, providing detailed explanations after each correct answer.

#3about 3 minutes

Sourcing security challenges and embracing open source contributions

The game's challenges are sourced from OWASP materials and AI tools, with an open-source model designed to invite community contributions and corrections.

#4about 3 minutes

Contributing security content using simple YAML files

You can contribute new challenges and vulnerability explanations to the project by editing YAML files, without needing any knowledge of Go.

#5about 2 minutes

The personal motivation behind building a learning tool

The project was created out of a personal desire to learn and share, emphasizing the joy of coding over commercial success or viral fame.

#6about 2 minutes

Balancing automated security scanning with manual code review

While automated tools offer efficiency, they often lack application context and produce false positives, making manual code review essential for deep security analysis.

#7about 3 minutes

Navigating the career transition from engineering to security

Transitioning into a security career is challenging due to experience requirements, making internal mobility within your current company the most practical path.

#8about 1 minute

How teaching others solidifies your own technical knowledge

Explaining concepts to others is a powerful learning method because it exposes gaps in your own understanding and forces you to master the subject.

#9about 4 minutes

A call for community contributions and future localization

The project seeks community contributions for new challenges and plans to add localization to make security education accessible to a global audience.

Related jobs
Jobs that call for the skills explored in this talk.

Matching moments

Hands-on security training for developers
04:38 MIN

Hands-on security training for developers

How GitHub secures open source

Avoiding common security mistakes and giving better feedback
03:55 MIN

Avoiding common security mistakes and giving better feedback

The weekly developer show: Boosting Python with CUDA, CSS Updates & Navigating New Tech Stacks

Making web application security accessible to developers
01:24 MIN

Making web application security accessible to developers

What The Hack is Web App Sec?

Key takeaways on IDE and developer tool security
02:28 MIN

Key takeaways on IDE and developer tool security

You click, you lose: a practical look at VSCode's security

Introduction to developer-first security and CTFs
04:09 MIN

Introduction to developer-first security and CTFs

Capture the Flag 101

Finding resources for continuous security learning
01:25 MIN

Finding resources for continuous security learning

Secure Code Superstars: Empowering Developers and Surpassing Security Challenges Together

Q&A on vulnerable libraries and team security responsibility
02:56 MIN

Q&A on vulnerable libraries and team security responsibility

Security Pitfalls for Software Engineers

Debating security threats and legacy system AI
00:59 MIN

Debating security threats and legacy system AI

Fake or News: LLMs Protect Each Other, Google Predicts Floods, and GitHub Copilot Loves COBOL - Niels Leenheer

Featured Partners

Related Videos

See all videos
Secure and Accessible Login Systems - Ramona Schwering
24:39

Secure and Accessible Login Systems - Ramona Schwering

Ramona Schwering

How to Cause (or Prevent) a Massive Data Breach- Secure Coding and IDOR
40:38

How to Cause (or Prevent) a Massive Data Breach- Secure Coding and IDOR

Anna Bacher

Securing Your Web Application Pipeline From Intruders
44:30

Securing Your Web Application Pipeline From Intruders

Milecia McGregor

Maturity assessment for technicians or how I learned to love OWASP SAMM
1:41:05

Maturity assessment for technicians or how I learned to love OWASP SAMM

Mathias Tausig

Building Security Champions
42:40

Building Security Champions

Tanya Janca

What The Hack is Web App Sec?
24:01

What The Hack is Web App Sec?

Jackie

Coffee with Developers with Feross Aboukhadijeh of Socket about the xz backdoor
42:55

Coffee with Developers with Feross Aboukhadijeh of Socket about the xz backdoor

Feross Aboukhadijeh

Walking into the era of Supply Chain Risks
37:36

Walking into the era of Supply Chain Risks

Vandana Verma

Related Articles

View all articles
Daniel Cranney
The Overflow: 5 Security and Privacy Tools for Developers
We’re back again with another edition of the Overflow, where we share some of the best tools we’ve found from around the web that we just couldn’t cram into the already jam-packed editions of the Dev Digest. So let’s take a look at five security and ...
The Overflow: 5 Security and Privacy Tools for Developers
Dev Digest 105 - Security First
Last Friday's Dev Digest was mostly about security and game topics, so let's take a look what you didn't get in your inbox. We also covered some brand new online courses to get started as a developer or refresh your knowledge. And we wrapped up CODE1...
Dev Digest 105 - Security First

From learning to earning

Jobs that call for the skills explored in this talk.