This talk explores how you can use tooling and automation to include security early on and throughout a continuous integration/continuous delivery (CI/CD) DevOps pipeline. Scanning the platform for vulnerabilities and the code for 3rd-party components with known vulnerabilities, using static code analysis and performing dynamic security testing are some strategies …
What is “secure code”? This session introduces you to a safe mindset when developing applications. Learn how to make the concept of “trust” a first class citizen in your code, and know what to look for when reviewing code for security vulnerabilities. Secure coding patterns will make your code cleaner, …
What makes SSL secure, and when is it not? How do we handle sensitive data in our apps/systems? Is encrypted data always protected (and protected against what)? Can we trust the code just because we wrote and/or compiled it ourselves? How do we protect our application logic?
Every year billions of dollars are spent on preventing breaches in software applications. While some of these systems are doing a sufficient job of keeping data away from the hands of attackers, it has become clear that there is no real way to prevent breaches with 100% certainty. Of course …
For most developers, the security team at Google is a black box. Yet Safe Browsing and its API have been around for years and currently protect over a billion users. We also recently launched the source code to End-To-End, an encryption extension for Chrome, where we’re explicitly calling for community …
Creating a secure application involves more then just applying Spring Security to it. This is of course not a new topic, but with the increased popularity of much more dynamic configurations for Servlet Containers and various Spring Projects, like Spring MVC and Spring Integration, it becomes more important to know …
