Secure Coding Best Practices

Logo
Presented by

Matthew Butler, Principal Engineer

About this talk

Computer systems are under siege 24 hours a day, day in and day out. The critical security infrastructure designed to protect those systems, won’t. The other side has the best security hardware and software systems other people’s money can buy and they have all the time in the world to find creative ways to defeat them. Meltdown and Spectre are prime examples of security vulnerabilities that have lurked dormant for decades. Or have they? If your systems are in any way connected to the outside world, the other side will get inside the wire on you. Know that going in. Whether you write applications, libraries or work in kernel code, the line of code you write today may very well be the vulnerability someone else finds tomorrow. By nature, every code base contains hundreds of attack surfaces and it only takes one serious vulnerability to compromise your system. In this talk we’ll see: -How hackers think and how they identify weaknesses in our systems. -How to identify hidden attack surfaces, attack vectors and vulnerabilities in critical systems. -Where the most common vulnerabilities in Modern software development are and how to avoid them. -Why common guidelines and static analysis tools often fail to find vulnerabilities. -How to use Threat Modeling to analyze complex systems and built security into our systems at design time. -How to use Trust Boundaries to protect critical infrastructure. -Why open source and third-party libraries are fast becoming hidden liabilities in our software and how to protect ourselves against their vulnerabilities. -What the best practices for protecting our code from attack are. The critical security infrastructure designed to protect your systems is largely out of your control. The one thing you can control is the next line of code you write. This talk is for anyone writes kernel, applications, or libraries that run in the real-world and that face real-world attacks. In today’s world, that’s all of us.

Related topics:

More from this channel

Upcoming talks (0)
On-demand talks (174)
Subscribers (14710)
Mend, formerly known as WhiteSource, effortlessly secures what developers create. Mend uniquely removes the burden of application security, allowing development teams to deliver quality, secure code, faster. With a proven track record of successfully meeting complex and large-scale application security needs, the world’s most demanding software developers rely on Mend. The company has more than 1,000 customers, including 25 percent of the Fortune 100, and manages Renovate, link here, the open-source automated dependency update project. For more information, visit www.mend.io, the Mend blog, and Mend on LinkedIn and Twitter.