Thomas Konrad

Software Security 101: Secure Coding Basics

What's the biggest security risk in your application? It might not be the code you actually wrote.

Software Security 101: Secure Coding Basics
#1about 15 minutes

Understanding core software security principles and terminology

Key concepts like the CIA triad, technical debt, and design principles provide a shared language for discussing security.

#2about 19 minutes

Evaluating programming languages for security features

Criteria like memory safety, type strictness, and sandbox support help in selecting a language that mitigates entire classes of vulnerabilities by design.

#3about 13 minutes

Implementing secure input and output handling

Proper input validation, canonicalization, sanitization, and context-sensitive output encoding are crucial for preventing injection attacks.

#4about 5 minutes

Avoiding pitfalls in low-level languages and enforcing access control

Low-level languages require manual bounds checking to prevent buffer overflows, while complete mediation ensures access control is checked on every request.

#5about 8 minutes

Applying cryptography and managing user sessions securely

Use standard, well-vetted cryptographic libraries and follow best practices for session management to protect data and user identity.

#6about 9 minutes

Handling concurrency to prevent data integrity issues

Race conditions can lead to data integrity problems, which can be mitigated using techniques like entity versioning or resource locking.

#7about 12 minutes

Understanding common web and API vulnerability classes

Familiarity with lists like the OWASP Top 10 and CWE Top 25 helps in creating targeted protection strategies for specific vulnerabilities like cross-site scripting.

#8about 5 minutes

Managing third-party software dependencies for security

Automating dependency checks for known vulnerabilities is essential because third-party libraries often constitute the majority of an application's code.

#9about 7 minutes

Integrating security into the software development lifecycle

Using a maturity model like OWASP SAM helps shift security left by incorporating activities like threat modeling early in the design phase.

#10about 19 minutes

Key takeaways and resources for continuous security learning

Cultivate a culture of continuous learning by using resources like OWASP Juice Shop and focusing on understanding the entire technology stack.

Related jobs
Jobs that call for the skills explored in this talk.

Matching moments

Using AI to overcome challenges in systems programming
02:49 MIN

Using AI to overcome challenges in systems programming

AI in the Open and in Browsers - Tarek Ziadé

Prompt injection as an unsolved AI security problem
07:39 MIN

Prompt injection as an unsolved AI security problem

AI in the Open and in Browsers - Tarek Ziadé

The security challenges of building AI browser agents
06:33 MIN

The security challenges of building AI browser agents

AI in the Open and in Browsers - Tarek Ziadé

The security risks of AI-generated code and slopsquatting
05:55 MIN

The security risks of AI-generated code and slopsquatting

Slopquatting, API Keys, Fun with Fonts, Recruiters vs AI and more - The Best of LIVE 2025 - Part 2

The industry's focus on frameworks over web fundamentals
11:32 MIN

The industry's focus on frameworks over web fundamentals

WeAreDevelopers LIVE – Frontend Inspirations, Web Standards and more

Scripting presentations and demos in VS Code
14:14 MIN

Scripting presentations and demos in VS Code

Devs vs. Marketers, COBOL and Copilot, Make Live Coding Easy and more - The Best of LIVE 2025 - Part 3

Selecting strategic partners and essential event tools
03:17 MIN

Selecting strategic partners and essential event tools

Cat Herding with Lions and Tigers - Christian Heilmann

The importance of client-side encryption for AI features
03:16 MIN

The importance of client-side encryption for AI features

AI in the Open and in Browsers - Tarek Ziadé

Featured Partners

Related Videos

See all videos
Programming secure C#/.NET Applications: Dos & Don'ts33:29

Programming secure C#/.NET Applications: Dos & Don'ts

Sebastian Leuer

101 Typical Security Pitfalls28:41

101 Typical Security Pitfalls

Alexander Pirker

Security Pitfalls for Software Engineers27:32

Security Pitfalls for Software Engineers

Jasmin Azemović

Security in modern Web Applications - OWASP to the rescue!26:59

Security in modern Web Applications - OWASP to the rescue!

Jakub Andrzejewski

Secure Code Superstars: Empowering Developers and Surpassing Security Challenges Together23:34

Secure Code Superstars: Empowering Developers and Surpassing Security Challenges Together

Stefania Chaplin

Unleashing the Power of Developers: Why Cybersecurity is the Missing Piece?!?27:36

Unleashing the Power of Developers: Why Cybersecurity is the Missing Piece?!?

Tino Sokic

Typed Security: Preventing Vulnerabilities By Design58:19

Typed Security: Preventing Vulnerabilities By Design

Michael Koppmann

How GitHub secures open source25:28

How GitHub secures open source

Joseph Katsioloudes

Related Articles

View all articles
CH
Chris Heilmann
Dev Digest 138 - Are you secure about this?
Hello there! This is the 2nd "out of the can" edition of 3 as I am on vacation in Greece eating lovely things on the beach. So, fewer news, but lots of great resources. Many around the topic of security. Enjoy! News and ArticlesGoogle Pixel phones t...
Dev Digest 138 - Are you secure about this?
DC
Daniel Cranney
Top Must-Visit Developer Conferences in the US in 2026
For US software developers, 2026 is shaping up to be one of the strongest years yet for in-person learning, networking, and career growth. As AI moves into production, cloud architectures mature, and engineering teams face increasing complexity, deve...
Top Must-Visit Developer Conferences in the US in 2026

From learning to earning

Jobs that call for the skills explored in this talk.

Security Engineer

Security Engineer

Syntax Systems GmbH & Co. KG
Weinheim, Germany

Remote
Python
Ansible
Powershell
Scripting (Bash/Python/Go/Ruby)