Don’t be that guy! Developer Security Awareness


Presenter(s): Markus Eisele.

In this vJUG session, we talk with Markus about why, as a developer, you should care about security. As a coder, there’s just one thing you want to do right? Write a bunch of code and get some awesome features written! Markus raises an important point, that not all programmers are security engineers and frightens us with stats of security incidents year on year. He shows us several types of security attacks and examples of the different manifestations of an attack. Markus claims that there are an endless number of combinations of attack and the limit is the creativity of the bad guys actually making the attack.

So where do we start in trying to defend against these attacks? Markus looks into the tools we have at our disposal to help us avoid these attacks. There are aspects that involve people, processes and tech which are available to us as developers and Markus tries to get developers to think outside of just the tech box when looking at a security risk. So how do you secure people, processes and tech? Markus goes through each one providing thought provoking discussion about how this can be achieved.

The session is a very good eye-opener that builds awareness of how aspects of security should be approached. It’s important, particularly with security that you start off with the right mindset and approach. Markus gives a great session which addresses this and talks about aspects you likely didn’t think about, proving that developers aren’t typically good security engineers 🙂

Read Markus’ own summary of the session (along with his slide set) on his blog, along with the IRC notes going on during the session. Leave comments and tweet @virtualJUG as you like!