Crafting Secure Software

A hands-on session for developers who have no time for security!

150 minutes

Abstract

During this session, we will take on the challenge of starting a new business. But take care: we will face evil hackers!

We'll consider techniques like secure coding and secure by design, and see how we can improve the security of our applications with some clever design by applying practices like TDD or DDD. At the end of the session, you will understand how weaknesses can sneak into your code and how you can craft quality, secure code.

And maybe you will find some "quick wins" to apply in real life...

You will need to bring your own device. The session has Java and C#/.NET Core versions.

Audience background

This session is specially designed for beginner to intermediate developers.

Benefits of participating

After this session, attendees will have basic tips and knowledge about:
- Secure coding
- How to improve their code to prevent weaknesses
- Secure by Domain-Driven Design (strategic and tactical approaches)
- Secure by Design

This talk doesn't aim to transform developers into security gurus and elite pentesters. Attendees will become aware of how dangerous their code can be and how to change small things to make it better.

Materials provided

Slides (https://fr.slideshare.net/YvanPHELIZOT/crafting-secure-software-dddeu-2019)
Codebase (https://github.com/cotonne/bbl-crafting-secure-softwares)

Process

This session uses a codebase (https://github.com/cotonne/bbl-crafting-secure-softwares) that attendees have to investigate and refactor to make it secure.

Detailed timetable

00:00 - 00:05 : introducing myself :)
00:05 - 00:10 : describe the context (Neflipster)
00:10 - 00:30 : attendees download the code and look for weaknesses
00:30 - 00:40 : highlight some weaknesses and how to fix them (secure coding approach)
00:40 - 01:00 : attendees have to fix them
01:00 - 01:05 : the previous exchange can be captured as tests (TDD approach)
01:10 - 01:20 : people write tests
01:20 - 01:30 : hey, there is still another weakness (Secure by Domain-Driven Design)
01:30 - 01:50 : attendees introduce Value Objects like Money, Quantity, ...
01:50 - 02:00 : hey, I was tired, and again there is a weakness in this codebase (strongly typed code)
02:00 - 02:10 : people fix it
02:10 - 02:20 : conclusion
02:20 - 02:30 : questions
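The Value Object and strongly-typed-code steps above, as an added Java example that is not part of the workshop codebase: a primitive `int` quantity lets a negative number flow through to the order total, while a `Quantity`/`Money` pair makes that state unrepresentable (the class names, the 1,000-unit business limit and the prices are assumptions).

```java
import java.math.BigDecimal;
import java.math.RoundingMode;

// "Primitive obsession" version: nothing stops a caller from passing -3 and
// turning an order line into a refund-shaped negative total.
final class LooseOrderLine {
    static BigDecimal total(BigDecimal unitPrice, int quantity) {
        return unitPrice.multiply(BigDecimal.valueOf(quantity)); // 10.00 * -3 = -30.00
    }
}

// Value Object: the invariant (1..MAX) is checked once, at construction,
// so every method that receives a Quantity can trust it.
final class Quantity {
    private static final int MAX = 1_000;   // assumed business limit for the example
    private final int value;

    private Quantity(int value) { this.value = value; }

    static Quantity of(int value) {
        if (value < 1 || value > MAX) {
            throw new IllegalArgumentException("quantity must be in [1, " + MAX + "]: " + value);
        }
        return new Quantity(value);
    }

    int value() { return value; }
}

// Money never goes negative and always carries two decimal places.
final class Money {
    private final BigDecimal amount;

    private Money(BigDecimal amount) { this.amount = amount.setScale(2, RoundingMode.HALF_EVEN); }

    static Money of(String amount) {
        BigDecimal a = new BigDecimal(amount);
        if (a.signum() < 0) throw new IllegalArgumentException("negative money: " + amount);
        return new Money(a);
    }

    // The only multiplication accepted is by a Quantity, so the type system
    // rejects a raw int at compile time rather than at the bank.
    Money times(Quantity q) { return new Money(amount.multiply(BigDecimal.valueOf(q.value()))); }

    BigDecimal amount() { return amount; }
}

public class ValueObjectDemo {
    public static void main(String[] args) {
        System.out.println(LooseOrderLine.total(new BigDecimal("10.00"), -3));  // -30.00
        System.out.println(Money.of("10.00").times(Quantity.of(3)).amount());   // 30.00
        try {
            Quantity.of(-3);                                                    // rejected
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```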


Outputs

I don't understand this part, can you help me? :)

Presenters

  1. Yvan PHELIZOT
    Arolla