About Secure Coding
Coding is no longer just about creating new and innovative features. As AppSec becomes a top priority, agile organizations are looking for ways to win at security without slowing down their release cycles. This means reconfiguring our mindset, and shifting security as far left as possible: The Coding Phase.
Your first mission, should you choose to accept it, is to join us at the Secure Coding Virtual Summit on 23 April 2020, where you can hear from our finest selection of agents (also known as industry-leading practitioners, analysts, and thought leaders from the AppSec and Cybersecurity realm) as they share their secret insights, principles, and best practices to achieve better, secure software.
The Evolution of Secure Coding
The importance of security has changed substantially over the past few years. We see an exponential growth in security products, services, certifications and in general, much more interest in the subject of security – yet, we continuously face a battle against security vulnerabilities and security breaches. This poses the question: what role does secure coding play in today’s day and age? What is the secret to improving an organization's secure coding capabilities? What can we do better?
How to ship secure code with confidence
It is estimated that, globally, 111 billion lines of code are produced every single year. In a rapidly digitising world, that number is only set to grow larger… along with the potential for more security issues. We are facing an uphill battle against a general AppSec skills shortage, the need for production at the speed of company innovation, and siloed teams not working to the same application security goals. With over 4 billion records stolen as a result of data breaches in 2019 alone, this has to change.
Security awareness programmes remain a powerful, yet underutilised tool to inspire organisations to stay security-focused and engage teams to do their part in the fight against vulnerable code. With the right security awareness programme, you can effectively bridge the gap between the AppSec and dev cohorts, fostering a positive and collaborative culture to achieve common goals and create a better standard of software.
Secure Coding Best Practices
Computer systems are under siege 24 hours a day, day in and day out. The critical security infrastructure designed to protect those systems won't. The other side has the best security hardware and software systems other people's money can buy and they have all the time in the world to find creative ways to defeat them. Meltdown and Spectre are prime examples of security vulnerabilities that have lurked dormant for decades. Or have they? If your systems are in any way connected to the outside world, the other side will get inside the wire on you. Know that going in.
Whether you write applications, libraries or work in kernel code, the line of code you write today may very well be the vulnerability someone else finds tomorrow. By nature, every code base contains hundreds of attack surfaces and it only takes one serious vulnerability to compromise your system.
In this talk we'll see:
* How hackers think and how they identify weaknesses in our systems.
* How to identify hidden attack surfaces, attack vectors and vulnerabilities in critical systems.
* Where the most common vulnerabilities in modern software development are and how to avoid them.
* Why common guidelines and static analysis tools often fail to find vulnerabilities.
* How to use Threat Modeling to analyze complex systems and build security into our systems at design time.
* How to use Trust Boundaries to protect critical infrastructure.
* Why open source and third-party libraries are fast becoming hidden liabilities in our software and how to protect ourselves against their vulnerabilities.
* What the best practices for protecting our code from attack are.
The critical security infrastructure designed to protect your systems is largely out of your control. The one thing you can control is the next line of code you write. This talk is for anyone who writes kernel code, applications or libraries that run in the real world and that face real-world attacks.
In today's world, that's all of us.
How secure is secure enough? Designing for Security with Threat Modeling
We’ve all been there – we’ve each spent too much time and resources on security, but 3 months later we still get breached anyway. “But we followed all the ‘Best Practices’!” your developers cry.
In this flash intro to secure software design, AviD will show why every software development process should start with Threat Modeling, and how to efficiently get security to contribute to the bottom line.
Visit the virtual booths and meet the experts
Code Security: Let’s Put Fears Aside and Learn Cool Things
Fears... It’s as if they sometimes rule the security market... If you don’t follow secure development practices, then your users’ personal data might get stolen... If you don’t do ‘DevSecOps’, then your app will be vulnerable and might get hacked... No doubt Application Security is an important topic, but is bringing up risks and fears really the best way to get development teams to care about secure coding practices?
In this talk we will go through a different approach, a more powerful one: empowering developers. Developers love learning best practices; they constantly seek to improve their code. By tightly coupling security tooling with developers’ workflow, you can get more than just mitigating risks and fears: you’re giving an opportunity for your development team to be more engaged, to truly understand the security of their code, and to continuously get better at keeping it secure.
As you join this session, leave fears on the side, and come feel the good vibes of developer-led code security! It’s about developers learning and growing, it’s about teams maximizing their impact.
An introduction to cloud native security with containers
In this session we will review the pillars of cloud native security in the context of containerized workloads. We will cover topics such as securely building container images, runtime security, authentication and access control in Kubernetes, network traffic control, and secrets.
Secure Coding and Vulnerabilities
In this panel, the panelists will discuss different code attack vectors, including the OWASP Top 10. They will also discuss the importance of both static and dynamic analysis, as well as software composition analysis, to help mitigate vulnerabilities in our code.
Threat Modeling vNext
Threat Modeling is one of the best tools for Security and has been adopted successfully by various companies around the globe, including Microsoft. Even though it has proven to be a very effective approach, it has not shone for efficiency and has improved only so much compared to other development methodologies over the last years.
All those problems have been reason enough to limit its adoption. It is past time for change. It is time to make Threat Modeling the flexible, integrated, automated and customizable process you need. Please meet Threat Modeling vNext!
Deep dive container security (policies, access control & managing sensitive data)
In this hands-on session we dive deep into three areas of container security that deserve special attention, namely policies and their enforcement (Kubernetes network policies and OPA), access control (RBAC and general purpose IAM), as well as options for dealing with sensitive data (Kubernetes secrets, AWS Secrets Manager, Vault).