Securing an application is not just an extra build step that you can add to the end of a pipeline. To make sure your application is as secure as possible, you need to follow certain principles and best practices throughout the whole development cycle.
To demonstrate the importance of considering security from the ground up, I invite you to a hands-on offensive workshop where you will get the chance to exploit the weak points of an intentionally badly designed website. You can try to solve different challenges to see what leverage a potential attacker can gain. Later you can learn which design principles weren’t followed during the development and how similar real-life vulnerabilities affected big companies. A modern browser with developer tools is necessary, and you should have some experience in web development.
Secure coding skills are valuable competencies for any developer. Being familiar with them can help you spot and correct dangerous design or implementation details, which means faster development and reduced operational cost. By the end of the workshop, you will understand and comfortably apply the introduced principles.
Slides can be found at https://sdpw.herokuapp.com/slides
Soma Erdélyi is currently working at Emarsys in Budapest as a member of the Application Security team. Besides building tools that automate and supervise company processes, the team actively supports other developer teams when they design or implement safety-critical features. He regularly organizes internal security training for developers, where he raises awareness of the dangers modern web applications are facing. In these events, software developers can get hands-on experience with exploiting security holes and see the benefits of applying best practices. He believes security should be every developer’s concern because we developers are responsible for the stability of our application, including protecting all the data stored in it. In his spare time, Soma likes working on hobby electronics projects with Arduinos and Raspberry Pis.