Anna Oliveira

Security Blindspots and How to Learn About Them - Anna Oliveira

Automated security tools aren't enough. Learn to spot vulnerabilities yourself with this interactive terminal game for developers.

Security Blindspots and How to Learn About Them - Anna Oliveira
#1about 3 minutes

Creating a terminal game to learn secure coding practices

The project Blindspot was inspired by Rustlings to create a gamified, open-source terminal experience for practicing vulnerability identification in code.

#2about 4 minutes

Gameplay mechanics of the Blindspot security game

Blindspot presents code snippets in the terminal with multiple-choice options to identify vulnerabilities, providing detailed explanations after each correct answer.

#3about 3 minutes

Sourcing security challenges and embracing open source contributions

The game's challenges are sourced from OWASP materials and AI tools, with an open-source model designed to invite community contributions and corrections.

#4about 3 minutes

Contributing security content using simple YAML files

You can contribute new challenges and vulnerability explanations to the project by editing YAML files, without needing any knowledge of Go.

#5about 2 minutes

The personal motivation behind building a learning tool

The project was created out of a personal desire to learn and share, emphasizing the joy of coding over commercial success or viral fame.

#6about 2 minutes

Balancing automated security scanning with manual code review

While automated tools offer efficiency, they often lack application context and produce false positives, making manual code review essential for deep security analysis.

#7about 3 minutes

Navigating the career transition from engineering to security

Transitioning into a security career is challenging due to experience requirements, making internal mobility within your current company the most practical path.

#8about 1 minute

How teaching others solidifies your own technical knowledge

Explaining concepts to others is a powerful learning method because it exposes gaps in your own understanding and forces you to master the subject.

#9about 4 minutes

A call for community contributions and future localization

The project seeks community contributions for new challenges and plans to add localization to make security education accessible to a global audience.

Related jobs
Jobs that call for the skills explored in this talk.

Matching moments

Increasing the value of talk recordings post-event
04:57 MIN

Increasing the value of talk recordings post-event

Cat Herding with Lions and Tigers - Christian Heilmann

Using content channels to build an event community
04:49 MIN

Using content channels to build an event community

Cat Herding with Lions and Tigers - Christian Heilmann

Balancing the trade-off between efficiency and resilience
03:38 MIN

Balancing the trade-off between efficiency and resilience

What 2025 Taught Us: A Year-End Special with Hung Lee

Why HR struggles with technology implementation and adoption
04:22 MIN

Why HR struggles with technology implementation and adoption

What 2025 Taught Us: A Year-End Special with Hung Lee

Developing resilience by expanding your capacity for failure
04:57 MIN

Developing resilience by expanding your capacity for failure

What 2025 Taught Us: A Year-End Special with Hung Lee

Getting hired by contributing to open source projects
05:32 MIN

Getting hired by contributing to open source projects

Devs vs. Marketers, COBOL and Copilot, Make Live Coding Easy and more - The Best of LIVE 2025 - Part 3

The security risks of AI-generated code and slopsquatting
05:55 MIN

The security risks of AI-generated code and slopsquatting

Slopquatting, API Keys, Fun with Fonts, Recruiters vs AI and more - The Best of LIVE 2025 - Part 2

Preventing exposed API keys in AI-assisted development
03:45 MIN

Preventing exposed API keys in AI-assisted development

Slopquatting, API Keys, Fun with Fonts, Recruiters vs AI and more - The Best of LIVE 2025 - Part 2

Featured Partners

Related Videos

See all videos
What The Hack is Web App Sec?24:01

What The Hack is Web App Sec?

Jackie

Plants vs. Thieves: Automated Tests in the World of Web Security24:09

Plants vs. Thieves: Automated Tests in the World of Web Security

Ramona Schwering

How to Cause (or Prevent) a Massive Data Breach- Secure Coding and IDOR40:38

How to Cause (or Prevent) a Massive Data Breach- Secure Coding and IDOR

Anna Bacher

Coffee with Developers with Feross Aboukhadijeh of Socket about the xz backdoor42:55

Coffee with Developers with Feross Aboukhadijeh of Socket about the xz backdoor

Feross Aboukhadijeh

Creating games to make the web fun again41:03

Creating games to make the web fun again

Nolan Royalty

Securing Your Web Application Pipeline From Intruders44:30

Securing Your Web Application Pipeline From Intruders

Milecia McGregor

Secure Code Superstars: Empowering Developers and Surpassing Security Challenges Together23:34

Secure Code Superstars: Empowering Developers and Surpassing Security Challenges Together

Stefania Chaplin

Real-World Security for Busy Developers29:50

Real-World Security for Busy Developers

Kevin Lewis

Related Articles

View all articles

From learning to earning

Jobs that call for the skills explored in this talk.