Thomas Konrad

Software Security 101: Secure Coding Basics

What's the biggest security risk in your application? It might not be the code you actually wrote.

Software Security 101: Secure Coding Basics
#1about 15 minutes

Understanding core software security principles and terminology

Key concepts like the CIA triad, technical debt, and design principles provide a shared language for discussing security.

#2about 19 minutes

Evaluating programming languages for security features

Criteria like memory safety, type strictness, and sandbox support help in selecting a language that mitigates entire classes of vulnerabilities by design.

#3about 13 minutes

Implementing secure input and output handling

Proper input validation, canonicalization, sanitization, and context-sensitive output encoding are crucial for preventing injection attacks.

#4about 5 minutes

Avoiding pitfalls in low-level languages and enforcing access control

Low-level languages require manual bounds checking to prevent buffer overflows, while complete mediation ensures access control is checked on every request.

#5about 8 minutes

Applying cryptography and managing user sessions securely

Use standard, well-vetted cryptographic libraries and follow best practices for session management to protect data and user identity.

#6about 9 minutes

Handling concurrency to prevent data integrity issues

Race conditions can lead to data integrity problems, which can be mitigated using techniques like entity versioning or resource locking.

#7about 12 minutes

Understanding common web and API vulnerability classes

Familiarity with lists like the OWASP Top 10 and CWE Top 25 helps in creating targeted protection strategies for specific vulnerabilities like cross-site scripting.

#8about 5 minutes

Managing third-party software dependencies for security

Automating dependency checks for known vulnerabilities is essential because third-party libraries often constitute the majority of an application's code.

#9about 7 minutes

Integrating security into the software development lifecycle

Using a maturity model like OWASP SAM helps shift security left by incorporating activities like threat modeling early in the design phase.

#10about 19 minutes

Key takeaways and resources for continuous security learning

Cultivate a culture of continuous learning by using resources like OWASP Juice Shop and focusing on understanding the entire technology stack.

Related jobs
Jobs that call for the skills explored in this talk.

Software Engineer

tree-IT GmbH

tree-IT GmbH
Bad Neustadt an der Saale, Germany

54-80K
Intermediate
Senior
Java
TypeScript
+1

Matching moments

Why developers make basic cybersecurity mistakes
02:26 MIN

Why developers make basic cybersecurity mistakes

Don't Be A Naive Developer: How To Avoid Basic Cybersecurity Mistakes

Foundational practices for writing secure software code
06:06 MIN

Foundational practices for writing secure software code

Security Pitfalls for Software Engineers

Addressing the security education gap for developers
03:34 MIN

Addressing the security education gap for developers

Climate vs. Weather: How Do We Sustainably Make Software More Secure?

Hands-on security training for developers
04:38 MIN

Hands-on security training for developers

How GitHub secures open source

Key strategies for building a secure code culture
02:23 MIN

Key strategies for building a secure code culture

Secure Code Superstars: Empowering Developers and Surpassing Security Challenges Together

Focusing on secure architecture over just code
01:20 MIN

Focusing on secure architecture over just code

Architecting API Security

The difference between secure coding and secure development
05:26 MIN

The difference between secure coding and secure development

Maturity assessment for technicians or how I learned to love OWASP SAMM

Introduction to developer-first security and CTFs
04:09 MIN

Introduction to developer-first security and CTFs

Capture the Flag 101

Featured Partners

Related Videos

See all videos
Security Pitfalls for Software Engineers
27:32

Security Pitfalls for Software Engineers

Jasmin Azemović

Typed Security: Preventing Vulnerabilities By Design
58:19

Typed Security: Preventing Vulnerabilities By Design

Michael Koppmann

You click, you lose: a practical look at VSCode's security
29:47

You click, you lose: a practical look at VSCode's security

Thomas Chauchefoin & Paul Gerste

Building Security Champions
48:02

Building Security Champions

Tanya Janca

Maturity assessment for technicians or how I learned to love OWASP SAMM
1:41:05

Maturity assessment for technicians or how I learned to love OWASP SAMM

Mathias Tausig

Climate vs. Weather: How Do We Sustainably Make Software More Secure?
51:41

Climate vs. Weather: How Do We Sustainably Make Software More Secure?

Panel Discussion

Programming secure C#/.NET Applications: Dos & Don'ts
33:29

Programming secure C#/.NET Applications: Dos & Don'ts

Sebastian Leuer

Security in modern Web Applications - OWASP to the rescue!
26:59

Security in modern Web Applications - OWASP to the rescue!

Jakub Andrzejewski

Related Articles

View all articles
Chris Heilmann
Dev Digest 138 - Are you secure about this?
Hello there! This is the 2nd "out of the can" edition of 3 as I am on vacation in Greece eating lovely things on the beach. So, fewer news, but lots of great resources. Many around the topic of security. Enjoy! News and ArticlesGoogle Pixel phones t...
Dev Digest 138 - Are you secure about this?
Daniel Cranney
The Overflow: 5 Security and Privacy Tools for Developers
We’re back again with another edition of the Overflow, where we share some of the best tools we’ve found from around the web that we just couldn’t cram into the already jam-packed editions of the Dev Digest. So let’s take a look at five security and ...
The Overflow: 5 Security and Privacy Tools for Developers

From learning to earning

Jobs that call for the skills explored in this talk.