Jasmin Azemović
Security Pitfalls for Software Engineers
#1 about 4 minutes
The high cost and consequences of security breaches
Major companies like Uber and Microsoft have suffered massive data breaches, costing millions and highlighting the severe financial and reputational risks of poor security.
#2 about 6 minutes
Foundational practices for writing secure software code
Writing secure code starts with fundamental practices like proper input validation, applying threat modeling methodologies like STRIDE, and adhering to the principle of least privilege.
#3 about 5 minutes
Mitigating supply chain attacks with DevSecOps practices
Vulnerabilities in third-party libraries, like the SolarWinds and Log4j incidents, necessitate a DevSecOps approach to integrate security checks throughout the software development lifecycle.
#4 about 2 minutes
Essential security measures for protecting public APIs
Publicly exposed APIs must be protected using strong authentication, TLS/SSL encryption for data in transit, and defenses against common attack vectors.
#5 about 5 minutes
Protecting data with database encryption and temporal tables
Encrypting sensitive data at the database level protects it even if breached, while temporal tables provide a complete audit trail for forensic analysis.
#6 about 2 minutes
Implementing a robust penetration testing strategy
Regular penetration testing, distinct from QA, should be a standard practice using methodologies like black-box or white-box testing and frameworks like the OWASP Top 10.
#7 about 1 minute
Maintaining security by separating work and personal devices
Avoid using company-issued laptops for personal or freelance projects to prevent legal liabilities and security compromises between environments.
#8 about 3 minutes
Q&A on vulnerable libraries and team security responsibility
The session concludes with answers to audience questions about tracking open-source vulnerabilities, choosing a pen test environment, and clarifying security roles within an agile team.