Security Blindspots and How to Learn About Them - Anna Oliveira

Automated security tools aren't enough. Learn to spot vulnerabilities yourself with this interactive terminal game for developers.

#1about 3 minutes

Creating a terminal game to learn secure coding practices

The project Blindspot was inspired by Rustlings to create a gamified, open-source terminal experience for practicing vulnerability identification in code.

#2about 4 minutes

Gameplay mechanics of the Blindspot security game

Blindspot presents code snippets in the terminal with multiple-choice options to identify vulnerabilities, providing detailed explanations after each correct answer.

#3about 3 minutes

Sourcing security challenges and embracing open source contributions

The game's challenges are sourced from OWASP materials and AI tools, with an open-source model designed to invite community contributions and corrections.

#4about 3 minutes

Contributing security content using simple YAML files

You can contribute new challenges and vulnerability explanations to the project by editing YAML files, without needing any knowledge of Go.

#5about 2 minutes

The personal motivation behind building a learning tool

The project was created out of a personal desire to learn and share, emphasizing the joy of coding over commercial success or viral fame.

#6about 2 minutes

Balancing automated security scanning with manual code review

While automated tools offer efficiency, they often lack application context and produce false positives, making manual code review essential for deep security analysis.

#7about 3 minutes

Navigating the career transition from engineering to security

Transitioning into a security career is challenging due to experience requirements, making internal mobility within your current company the most practical path.

#8about 1 minute

How teaching others solidifies your own technical knowledge

Explaining concepts to others is a powerful learning method because it exposes gaps in your own understanding and forces you to master the subject.

#9about 4 minutes

A call for community contributions and future localization

The project seeks community contributions for new challenges and plans to add localization to make security education accessible to a global audience.