Thomas Konrad
Software Security 101: Secure Coding Basics
#1 (about 15 minutes)
Understanding core software security principles and terminology
Key concepts like the CIA triad, technical debt, and design principles provide a shared language for discussing security.
#2 (about 19 minutes)
Evaluating programming languages for security features
Criteria like memory safety, type strictness, and sandbox support help in selecting a language that mitigates entire classes of vulnerabilities by design.
#3 (about 13 minutes)
Implementing secure input and output handling
Proper input validation, canonicalization, sanitization, and context-sensitive output encoding are crucial for preventing injection attacks.
#4 (about 5 minutes)
Avoiding pitfalls in low-level languages and enforcing access control
Low-level languages require manual bounds checking to prevent buffer overflows, while complete mediation ensures access control is checked on every request.
#5 (about 8 minutes)
Applying cryptography and managing user sessions securely
Use standard, well-vetted cryptographic libraries and follow best practices for session management to protect data and user identity.
#6 (about 9 minutes)
Handling concurrency to prevent data integrity issues
Race conditions can lead to data integrity problems, which can be mitigated using techniques like entity versioning or resource locking.
#7 (about 12 minutes)
Understanding common web and API vulnerability classes
Familiarity with lists like the OWASP Top 10 and CWE Top 25 helps in creating targeted protection strategies for specific vulnerabilities like cross-site scripting.
#8 (about 5 minutes)
Managing third-party software dependencies for security
Automating dependency checks for known vulnerabilities is essential because third-party libraries often constitute the majority of an application's code.
#9 (about 7 minutes)
Integrating security into the software development lifecycle
Using a maturity model like OWASP SAMM helps shift security left by incorporating activities like threat modeling early in the design phase.
#10 (about 19 minutes)
Key takeaways and resources for continuous security learning
Cultivate a culture of continuous learning by using resources like OWASP Juice Shop and focusing on understanding the entire technology stack.