SecAppDev 2024 lecture details
Secure coding: Back to Basics
Learn how to write more secure code by using a set of constructs that makes it easier to get things right.
Tuesday June 4th, 16:00 - 17:30
Room West Wing
Abstract
In this lecture we will look at how we write code and how we can influence its security by writing it in a different way. We will look at constructs in the code and borrow a bit from modern Domain Driven Design to help make the code more secure. We will also challenge some of the ways developers typically write software. The lecture should be relevant to both junior and experienced developers.
Key takeaway
How we can write more secure code with fewer flaws by making changes to how we construct the code.
Content level
Deep-dive
Target audience
Developers, security engineers working with developers, and code-writing architects.
Prerequisites
None
Erlend Oftedal
Security Researcher, Crosspoint Labs As
Expertise: Application security and secure software development
Related lectures
Practical cryptography with Tink
Deep-dive lecture by Neil Madden in room West Wing
Monday June 3rd, 16:00 - 17:30
Learn how to translate cryptography know-how into robust working code that is easy to review. Avoid common implementation pitfalls by learning how to use the modern Tink cryptographic library.
Key takeaway: Learn how to use Tink to implement cryptographic features and protocols in a robust manner.
Building Secure ReactJS Applications
Deep-dive lecture by Jim Manico in room West Wing
Tuesday June 4th, 09:00 - 10:30
Learn to secure ReactJS apps against XSS, data leaks, and more. Dive into props, dangerouslySetInnerHTML, CSS, JSON, XSS protections, and SSR. Essential for safer development.
Key takeaway: Component dynamics, unescaped props, dangerouslySetInnerHTML, JavaScript URLs, CSS, JSON, XSS defenses, lazy loading, template injection, SSR.
Winning the war in cyber
Keynote lecture by Jessica Robinson in room Lemaire
Monday June 3rd, 09:15 - 10:30
How well we adapt continues to influence our security strategies, our creativity, and our culture, in our companies and in our industry. It seems starting with ourselves is a natural place to begin.
Key takeaway: What the evolution of the security practitioner, and leader, will look like in the future in winning the daily battles in cybersecurity.