Anna Oliveira

Security Blindspots and How to Learn About Them - Anna Oliveira

Automated security tools aren't enough. Learn to spot vulnerabilities yourself with this interactive terminal game for developers.

Security Blindspots and How to Learn About Them - Anna Oliveira
#1about 3 minutes

Creating a terminal game to learn secure coding practices

The project Blindspot was inspired by Rustlings to create a gamified, open-source terminal experience for practicing vulnerability identification in code.

#2about 4 minutes

Gameplay mechanics of the Blindspot security game

Blindspot presents code snippets in the terminal with multiple-choice options to identify vulnerabilities, providing detailed explanations after each correct answer.

#3about 3 minutes

Sourcing security challenges and embracing open source contributions

The game's challenges are sourced from OWASP materials and AI tools, with an open-source model designed to invite community contributions and corrections.

#4about 3 minutes

Contributing security content using simple YAML files

You can contribute new challenges and vulnerability explanations to the project by editing YAML files, without needing any knowledge of Go.

#5about 2 minutes

The personal motivation behind building a learning tool

The project was created out of a personal desire to learn and share, emphasizing the joy of coding over commercial success or viral fame.

#6about 2 minutes

Balancing automated security scanning with manual code review

While automated tools offer efficiency, they often lack application context and produce false positives, making manual code review essential for deep security analysis.

#7about 3 minutes

Navigating the career transition from engineering to security

Transitioning into a security career is challenging due to experience requirements, making internal mobility within your current company the most practical path.

#8about 1 minute

How teaching others solidifies your own technical knowledge

Explaining concepts to others is a powerful learning method because it exposes gaps in your own understanding and forces you to master the subject.

#9about 4 minutes

A call for community contributions and future localization

The project seeks community contributions for new challenges and plans to add localization to make security education accessible to a global audience.

Related jobs
Jobs that call for the skills explored in this talk.

Software Engineer

tree-IT GmbH

tree-IT GmbH
Bad Neustadt an der Saale, Germany

54-80K
Intermediate
Senior
Java
TypeScript
+1

Matching moments

Hands-on security training for developers
14:17 MIN

Hands-on security training for developers

How GitHub secures open source

Avoiding common security mistakes and giving better feedback
55:17 MIN

Avoiding common security mistakes and giving better feedback

The weekly developer show: Boosting Python with CUDA, CSS Updates & Navigating New Tech Stacks

Making web application security accessible to developers
01:10 MIN

Making web application security accessible to developers

What The Hack is Web App Sec?

Key takeaways on IDE and developer tool security
27:19 MIN

Key takeaways on IDE and developer tool security

You click, you lose: a practical look at VSCode's security

Introduction to developer-first security and CTFs
00:07 MIN

Introduction to developer-first security and CTFs

Capture the Flag 101

Finding resources for continuous security learning
19:19 MIN

Finding resources for continuous security learning

Secure Code Superstars: Empowering Developers and Surpassing Security Challenges Together

Q&A on vulnerable libraries and team security responsibility
25:56 MIN

Q&A on vulnerable libraries and team security responsibility

Security Pitfalls for Software Engineers

From vulnerability researcher to automated security founder
00:03 MIN

From vulnerability researcher to automated security founder

The transformative impact of GenAI for software development and its implications for cybersecurity

Featured Partners

Related Videos

See all videos
What The Hack is Web App Sec?24:01

What The Hack is Web App Sec?

Jackie

Plants vs. Thieves: Automated Tests in the World of Web Security24:09

Plants vs. Thieves: Automated Tests in the World of Web Security

Ramona Schwering

Coffee with Developers - Cassidy Williams - 44:20

Coffee with Developers - Cassidy Williams -

Cassidy Williams

Coffee with Developers with Feross Aboukhadijeh of Socket about the xz backdoor42:55

Coffee with Developers with Feross Aboukhadijeh of Socket about the xz backdoor

Feross Aboukhadijeh

How to Cause (or Prevent) a Massive Data Breach- Secure Coding and IDOR40:38

How to Cause (or Prevent) a Massive Data Breach- Secure Coding and IDOR

Anna Bacher

Secure Code Superstars: Empowering Developers and Surpassing Security Challenges Together23:34

Secure Code Superstars: Empowering Developers and Surpassing Security Challenges Together

Stefania Chaplin

Walking into the era of Supply Chain Risks37:36

Walking into the era of Supply Chain Risks

Vandana Verma

Real-World Security for Busy Developers29:50

Real-World Security for Busy Developers

Kevin Lewis

Related Articles

View all articles
DC
Daniel Cranney
Dev Digest 198: 30 years of JS, In-Browser AI, How Attackers Abuse GenAI
Inside last week’s Dev Digest 198 . 🎂 30 years of JavaScript ⏰ How long is a JavaScript second 💻 Clean code in Angular 🤦‍♂️ AI makes different mistakes than humans 👨‍💻 In-browser and offline AI 🟠 Undocumented Hacker News features 🐋 DeepSeek censored...
Dev Digest 198: 30 years of JS, In-Browser AI, How Attackers Abuse GenAI
Dev Digest 105 - Security First
Last Friday's Dev Digest was mostly about security and game topics, so let's take a look what you didn't get in your inbox. We also covered some brand new online courses to get started as a developer or refresh your knowledge. And we wrapped up CODE1...
Dev Digest 105 - Security First

From learning to earning

Jobs that call for the skills explored in this talk.