How to Use Your Vulnerabilities to Train Your Developers on Security

Presented by

Prash Somaiya, HackerOne and Jared Ablon, HackEDU

About this talk

The idea of secure coding training that covers just what you need, right when you need it, seems too good to be true. But it’s not. Leading development teams are using their own vulnerabilities to train their coders, focusing on their most pressing mistakes while providing a more relevant experience that keeps coders engaged. This workshop will show you how to set up a program, reveal the most common vulnerabilities developers cause, and explain how to make sure your developers develop a fix that really solves the problem.

Key Takeaways:

- Vulnerabilities developers find easiest and hardest to fix
- The top vulnerabilities that developers “fix” incorrectly
- Which programming languages have fewer vulnerabilities in production
- Topics your developers should master to become more secure coders
- How to develop a training schedule that doesn’t disrupt productivity

HackerOne powers the world’s leading bug bounty and vulnerability coordination platform. More than 700 organizations trust HackerOne to find their critical software vulnerabilities before criminals can exploit them. HackerOne has the world's largest community of trustworthy hackers to help improve your organization's defense. Customers include General Motors, Adobe, Uber, the U.S. Pentagon, Salesforce, Twitter, Yahoo!, Dropbox, Square, LinkedIn, Snapchat, Airbnb, New Relic, Qualcomm, Nintendo, Intel and the CERT Coordination Center.