Anna Oliveira

Security Blindspots and How to Learn About Them - Anna Oliveira

Automated security tools aren't enough. Learn to spot vulnerabilities yourself with this interactive terminal game for developers.

Security Blindspots and How to Learn About Them - Anna Oliveira
#1about 3 minutes

Creating a terminal game to learn secure coding practices

The project Blindspot was inspired by Rustlings to create a gamified, open-source terminal experience for practicing vulnerability identification in code.

#2about 4 minutes

Gameplay mechanics of the Blindspot security game

Blindspot presents code snippets in the terminal with multiple-choice options to identify vulnerabilities, providing detailed explanations after each correct answer.

#3about 3 minutes

Sourcing security challenges and embracing open source contributions

The game's challenges are sourced from OWASP materials and AI tools, with an open-source model designed to invite community contributions and corrections.

#4about 3 minutes

Contributing security content using simple YAML files

You can contribute new challenges and vulnerability explanations to the project by editing YAML files, without needing any knowledge of Go.

#5about 2 minutes

The personal motivation behind building a learning tool

The project was created out of a personal desire to learn and share, emphasizing the joy of coding over commercial success or viral fame.

#6about 2 minutes

Balancing automated security scanning with manual code review

While automated tools offer efficiency, they often lack application context and produce false positives, making manual code review essential for deep security analysis.

#7about 3 minutes

Navigating the career transition from engineering to security

Transitioning into a security career is challenging due to experience requirements, making internal mobility within your current company the most practical path.

#8about 1 minute

How teaching others solidifies your own technical knowledge

Explaining concepts to others is a powerful learning method because it exposes gaps in your own understanding and forces you to master the subject.

#9about 4 minutes

A call for community contributions and future localization

The project seeks community contributions for new challenges and plans to add localization to make security education accessible to a global audience.

Related jobs
Jobs that call for the skills explored in this talk.

Software Engineer

tree-IT GmbH

tree-IT GmbH
Bad Neustadt an der Saale, Germany

54-80K
Intermediate
Senior
Java
TypeScript
+1

Matching moments

Hands-on security training for developers
04:38 MIN

Hands-on security training for developers

How GitHub secures open source

Avoiding common security mistakes and giving better feedback
03:55 MIN

Avoiding common security mistakes and giving better feedback

The weekly developer show: Boosting Python with CUDA, CSS Updates & Navigating New Tech Stacks

Making web application security accessible to developers
01:24 MIN

Making web application security accessible to developers

What The Hack is Web App Sec?

Key takeaways on IDE and developer tool security
02:28 MIN

Key takeaways on IDE and developer tool security

You click, you lose: a practical look at VSCode's security

Introduction to developer-first security and CTFs
04:09 MIN

Introduction to developer-first security and CTFs

Capture the Flag 101

Finding resources for continuous security learning
01:25 MIN

Finding resources for continuous security learning

Secure Code Superstars: Empowering Developers and Surpassing Security Challenges Together

Q&A on vulnerable libraries and team security responsibility
02:56 MIN

Q&A on vulnerable libraries and team security responsibility

Security Pitfalls for Software Engineers

From vulnerability researcher to automated security founder
05:31 MIN

From vulnerability researcher to automated security founder

The transformative impact of GenAI for software development and its implications for cybersecurity

Featured Partners

Related Videos

See all videos
How to Cause (or Prevent) a Massive Data Breach- Secure Coding and IDOR40:38

How to Cause (or Prevent) a Massive Data Breach- Secure Coding and IDOR

Anna Bacher

Securing Your Web Application Pipeline From Intruders44:30

Securing Your Web Application Pipeline From Intruders

Milecia McGregor

Maturity assessment for technicians or how I learned to love OWASP SAMM1:41:05

Maturity assessment for technicians or how I learned to love OWASP SAMM

Mathias Tausig

Building Security Champions42:40

Building Security Champions

Tanya Janca

What The Hack is Web App Sec?24:01

What The Hack is Web App Sec?

Jackie

The attacker's footprint2:08:06

The attacker's footprint

Antonio de Mello & Amine Abed

Coffee with Developers with Feross Aboukhadijeh of Socket about the xz backdoor42:55

Coffee with Developers with Feross Aboukhadijeh of Socket about the xz backdoor

Feross Aboukhadijeh

Walking into the era of Supply Chain Risks37:36

Walking into the era of Supply Chain Risks

Vandana Verma

Related Articles

View all articles
Dev Digest 105 - Security First
Last Friday's Dev Digest was mostly about security and game topics, so let's take a look what you didn't get in your inbox. We also covered some brand new online courses to get started as a developer or refresh your knowledge. And we wrapped up CODE1...
Dev Digest 105 - Security First

From learning to earning

Jobs that call for the skills explored in this talk.