I will be returning to Nebraska.Code() this year, and I am looking forward to the opportunity to meet and work with some of the most talented developers in the Midwest. As part of the conference I will be offering my one-day workshop focusing on hands-on application security.
Software security isn’t a tool or a library. Everyone knows that you should check your parameters and watch out for SQL injection, but is that really enough? If you have never had the opportunity to spend time hacking your own applications, you are really doing yourself a disservice. The web is becoming an increasingly hostile environment, and because of it developers really need to step up their game. In this session we will go over some of the methodologies that we use internally to test applications, helping developers to think more strategically about designing applications for general security. As part of this conversation I will go over active attacks that we have seen against production sites, using sterilized examples.
Tuesday, 8:30 AM - 4:30 PM | Arbor 2 (102)
At this point a lot of companies are comfortable and familiar with the concept of dogfooding, the practice of using your own software as a method of functional testing. But what happens if we want to practice securing our applications against attackers or people who would seek to misuse them? Enter ‘Blowing up the Dog Food’, a fun way to get members of the development and QA teams involved in testing the security of the application. The goal is to set up a method for helping teams to think critically about the implementation of their applications, improve logging to catch misuse, practice threat modeling, and test the security of an application in a way that develops orange team skills in developers as well as testing the applications.
Thursday, 1:15 PM - 2:15 PM | Ivanhoe (105)
We’ve all worked on the dreaded legacy product. Maybe the application’s developers are no longer part of the company, or possibly it was developed by a team offshore. What are the steps to take it from a wholly broken code base that stresses out developers to something that people don’t fear working on? This course provides a step-by-step process to revitalize legacy applications and make them more manageable.
Kaizen is the Japanese word for improvement, and was introduced to the development world as part of the LEAN development model. From its humble introduction and implementation as part of the Toyota Production System to its current use in modern software development, it has proven its effects on improving software code bases and the lives of developers.
Thursday, 3:45 PM - 4:45 PM | Office Plaza 202 (104)