Тёмный

Secure Coding Back to Basics - Erlend Oftedal - NDC Security 2022 

NDC Conferences
Подписаться 194 тыс.
Просмотров 8 тыс.
50% 1
ВидеоПоделитьсяСкачатьДобавить в

In this talk we will go back a bit and discuss secure code.
We will look at the constructs we are using (and not using) and why changing some of the ways we typically write our code, can have security benefits. We will grab some elements from (modern) Domain Driven Design and see how we can use this to avoid or limit vulnerabilities.
Check out more of our featured speakers and talks at
ndcconferences.com/
ndc-security.com/

Наука

Опубликовано:

 

8 июн 2022

Поделиться:

Ссылка:

Скачать:

Готовим ссылку...

Добавить в:

Мой плейлист
Посмотреть позже
Комментарии : 6   
@Najumulsaqib
@Najumulsaqib Год назад
Wonderful talk; you gave a unique perspective on secure coding which I havent heard before. Thanks
@jbird4478
@jbird4478 2 года назад
"Data does not stay data. This is a bug." Exactly. So why are we still using the same crappy SQL language as we did 50 years ago? Why not use some binary protocol where data is never evaluated as commands?
@jbird4478
@jbird4478 2 года назад
@@panosdotnet How it's stored is not related to the query language. The problem of SQL injection is that the app sends a command in the form of text to the database server. There is no distinction between the data and the command there, so data can accidentally be interpreted as a command. If you'd use a binary protocol for communicating with the server you could encode this distinction easily. Rather than letting the server pick one string of text apart, you'd just say "here's X bytes of data" and the server would know never to interpret those bytes as potential commands.
@capability-snob
@capability-snob 9 месяцев назад
Wow I missed that trusted types (for innerHTML) thing the first time through. The policies are not a great API - it's spooky action at a distance - but it still seems worth switching that on.
@Hofer2304
@Hofer2304 2 года назад
I have problems with duck typing. If you write a simple program, it is not a problem, but otherwise it is no help. I want to define my own domain specific types, and use them in a natural way. The best place for a type error detection is the editor. I have problems if nothing is really private. I want to declare my variables and constants, because I need as much help from the computer as possible.
@tactileslut
@tactileslut Год назад
No fault of the speaker but the video production was not laid out for legibility on the small screen.
Далее
Back to Basics: Efficient Async and Await - Filip Ekberg - NDC Porto 2022
1:02:00
Back to Basics: Efficient Async and Await - Filip Ekberg - NDC Porto 2022
Просмотров 12 тыс.
Developing for Linux on Windows - Scott Hanselman - NDC Porto 2022
1:08:42
Developing for Linux on Windows - Scott Hanselman - NDC Porto 2022
Просмотров 41 тыс.
СКОЛЬКО ПОДНИМЕТ ДИМА ГОРДЕЙ???
33:36
СКОЛЬКО ПОДНИМЕТ ДИМА ГОРДЕЙ???
Просмотров 259 тыс.
Dora back from the dead after doing the Tyla Dance 🤣 #shorts
00:13
Dora back from the dead after doing the Tyla Dance 🤣 #shorts
Просмотров 3,3 млн
Se atrevió, tuvo fe y... 🙂‍↕️🏀🙏 ‍️ (Vía lohmillerconnor/X) #shorts | ESPN Deportes
00:10
Se atrevió, tuvo fe y... 🙂‍↕️🏀🙏 ‍️ (Vía lohmillerconnor/X) #shorts | ESPN Deportes
Просмотров 1,5 млн
КАК ДУМАЕТЕ КТО ВЫЙГРАЕТ😂
00:29
КАК ДУМАЕТЕ КТО ВЫЙГРАЕТ😂
Просмотров 5 млн
Secure Coding - Best Practices (also for non developers!)
57:45
Secure Coding - Best Practices (also for non developers!)
Просмотров 20 тыс.
Functional Design Patterns - Scott Wlaschin
1:05:50
Functional Design Patterns - Scott Wlaschin
Просмотров 292 тыс.
Getting API security right - Philippe De Ryck - NDC London 2023
51:49
Getting API security right - Philippe De Ryck - NDC London 2023
Просмотров 26 тыс.
10 Tips for Cleaner C++ 20 Code - David Sackstein - CppCon 2022
58:29
10 Tips for Cleaner C++ 20 Code - David Sackstein - CppCon 2022
Просмотров 27 тыс.
Keynote: Software Architecture, Team Topologies and Complexity Science - James Lewis
56:33
Keynote: Software Architecture, Team Topologies and Complexity Science - James Lewis
Просмотров 6 тыс.
Back to Basics: Efficient Async and Await - Filip Ekberg - NDC London 2022
1:01:59
Back to Basics: Efficient Async and Await - Filip Ekberg - NDC London 2022
Просмотров 23 тыс.
Getting API Security Right - Philippe De Ryck - NDC Security 2022
53:13
Getting API Security Right - Philippe De Ryck - NDC Security 2022
Просмотров 6 тыс.
Moving 17 years of old legacy code and sites into the Cloud - Scott Hanselman - NDC Porto 2022
1:00:17
Moving 17 years of old legacy code and sites into the Cloud - Scott Hanselman - NDC Porto 2022
Просмотров 52 тыс.
The Rise & Fall of LISP - Too Good For The Rest Of the World
17:44
The Rise & Fall of LISP - Too Good For The Rest Of the World
Просмотров 37 тыс.
🚀 TDD, Where Did It All Go Wrong (Ian Cooper)
1:03:55
🚀 TDD, Where Did It All Go Wrong (Ian Cooper)
Просмотров 553 тыс.
Wylsa Pro: опять блокировка YouTube?
17:49
Wylsa Pro: опять блокировка YouTube?
Просмотров 335 тыс.
Choose a phone for your mom
0:20
Choose a phone for your mom
Просмотров 7 млн
TECNO CAMON 30 smartfoni eng bejetni smartfon BEKMOBIL do’konlarida🤩🔥
1:01
TECNO CAMON 30 smartfoni eng bejetni smartfon BEKMOBIL do’konlarida🤩🔥
Просмотров 1,3 млн
Зачем ЭТО электрику? #секрет #прибор #энерголикбез
0:56
Зачем ЭТО электрику? #секрет #прибор #энерголикбез
Просмотров 408 тыс.
Смело ставь iOS 18
0:57
Смело ставь iOS 18
Просмотров 152 тыс.
Мощное УСИЛЕНИЕ СВЯЗИ и ИНТЕРНЕТА НА СМАРТФОНЕ Android 👉 КАК УСИЛИТЬ ИНТЕРНЕТ СИГНАЛ на Android ✔
9:08
Мощное УСИЛЕНИЕ СВЯЗИ и ИНТЕРНЕТА НА СМАРТФОНЕ Android 👉 КАК УСИЛИТЬ ИНТЕРНЕТ СИГНАЛ на Android ✔
Просмотров 299 тыс.
3 месяца подготовки и тут.. Выпуск уже на канале! #litvin #unit_ru #iphone #litenergy #shortvideo
0:55
3 месяца подготовки и тут.. Выпуск уже на канале! #litvin #unit_ru #iphone #litenergy #shortvideo
Просмотров 904 тыс.