This talk applies the Pareto Principle (80/20 rule) to making coding activities more security focused. It presents 5 coding activities a Bad Guy wants you to do so they can attack your enterprise. These 5 “Bad Guy Wants” are validated by threat and vulnerability statistics and represent the key 20% of issues that create 80% of the exploit effects.
This talk takes a different approach to secure coding and development. There are many low-level standards for each technology that illustrate hundreds of “secure coding” practices: string-related buffer overflows in C, C++, etc.; bad exception handling practices in nearly every language; the list could go on. The CERT C coding standard alone is a 720-page document with 51 high-level rules.
How can the mere-mortal, average developer keep all of this in his or her head with all the other technology concepts associated with each technology they use?
The answer is, THEY CAN’T.
As a result, the average developer and development team largely ignore secure coding, providing the foundation for attacker entry and establishment. This simple list of 5 “Bad Guy Wants” becomes a force multiplier for enhancing security in your application activities.
- Presenter Credentials & Experiences
- Why this format/What to expect
- 5 Coding Mistakes a Bad Guy Wants YOU To Do
This presentation is short and concise. Typically 30 minutes in length, it can be stretched to an hour. It is optimally presented in a “lunch and learn” format, or alternatively as a lunch and learn with follow-up focused Q&A time.
- Lunch & Learn – This is a short format (30 min – 1 hr). The core material is presented (short-format version only) along with a brief group Q&A. This format is ideally suited to lunch and learn sessions, conference settings, and other time-limited group or mass scenarios.
- Lunch & Learn+ – This is the short-format presentation with an additional 1½ hours allocated on-site to work with individuals and groups on specific concerns they may have. This format is suited to the same settings as the Lunch & Learn, but where the organization needs extended, focused Q&A.