Jasmin Azemović

Security Pitfalls for Software Engineers

Thinking about security at the end of your development cycle is already too late. Here’s how to fix it.

Security Pitfalls for Software Engineers
#1about 4 minutes

The high cost and consequences of security breaches

Major companies like Uber and Microsoft have suffered massive data breaches, costing millions and highlighting the severe financial and reputational risks of poor security.

#2about 6 minutes

Foundational practices for writing secure software code

Writing secure code starts with fundamental practices like proper input validation, applying threat modeling methodologies like STRIDE, and adhering to the principle of least privilege.

#3about 5 minutes

Mitigating supply chain attacks with DevSecOps practices

Vulnerabilities in third-party libraries, like the SolarWinds and Log4j incidents, necessitate a DevSecOps approach to integrate security checks throughout the software development lifecycle.

#4about 2 minutes

Essential security measures for protecting public APIs

Publicly exposed APIs must be protected using strong authentication, TLS/SSL encryption for data in transit, and defenses against common attack vectors.

#5about 5 minutes

Protecting data with database encryption and temporal tables

Encrypting sensitive data at the database level protects it even if breached, while temporal tables provide a complete audit trail for forensic analysis.

#6about 2 minutes

Implementing a robust penetration testing strategy

Regular penetration testing, distinct from QA, should be a standard practice using methodologies like black-box or white-box testing and frameworks like the OWASP Top 10.

#7about 1 minute

Maintaining security by separating work and personal devices

Avoid using company-issued laptops for personal or freelance projects to prevent legal liabilities and security compromises between environments.

#8about 3 minutes

Q&A on vulnerable libraries and team security responsibility

The session concludes with answers to audience questions about tracking open-source vulnerabilities, choosing a pen test environment, and clarifying security roles within an agile team.

Related jobs
Jobs that call for the skills explored in this talk.

Remote

Name of

Name of

Remote
Intermediate
PHP
Java
+1

Matching moments

Cybersecurity is a foundational necessity not a passing trend
05:49 MIN

Cybersecurity is a foundational necessity not a passing trend

Decoding Trends: Strategies for Success in the Evolving Digital Domain

Unlock Moments
Create a free account to watch a limited number of Moments each month.
Upgrade to PRO for unlimited access to the full archive.
Why developers make basic cybersecurity mistakes
02:26 MIN

Why developers make basic cybersecurity mistakes

Don't Be A Naive Developer: How To Avoid Basic Cybersecurity Mistakes

Unlock Moments
Create a free account to watch a limited number of Moments each month.
Upgrade to PRO for unlimited access to the full archive.
Balancing developer and stakeholder security priorities
04:25 MIN

Balancing developer and stakeholder security priorities

What The Hack is Web App Sec?

Unlock Moments
Create a free account to watch a limited number of Moments each month.
Upgrade to PRO for unlimited access to the full archive.
From vulnerability researcher to automated security founder
05:31 MIN

From vulnerability researcher to automated security founder

The transformative impact of GenAI for software development and its implications for cybersecurity

Unlock Moments
Create a free account to watch a limited number of Moments each month.
Upgrade to PRO for unlimited access to the full archive.
Common security failures beyond individual coding errors
03:27 MIN

Common security failures beyond individual coding errors

Maturity assessment for technicians or how I learned to love OWASP SAMM

Unlock Moments
Create a free account to watch a limited number of Moments each month.
Upgrade to PRO for unlimited access to the full archive.
Key strategies for building a secure code culture
02:23 MIN

Key strategies for building a secure code culture

Secure Code Superstars: Empowering Developers and Surpassing Security Challenges Together

Unlock Moments
Create a free account to watch a limited number of Moments each month.
Upgrade to PRO for unlimited access to the full archive.
Exploring the need for regulation in software development
03:35 MIN

Exploring the need for regulation in software development

Climate vs. Weather: How Do We Sustainably Make Software More Secure?

Unlock Moments
Create a free account to watch a limited number of Moments each month.
Upgrade to PRO for unlimited access to the full archive.
Shifting security left with collaborative threat modeling
03:08 MIN

Shifting security left with collaborative threat modeling

We adopted DevOps and are Cloud-native, Now What?

Unlock Moments
Create a free account to watch a limited number of Moments each month.
Upgrade to PRO for unlimited access to the full archive.

Featured Partners

Related Videos

See all videos
Cybersecurity for Software Defined Vehicles22:09

Cybersecurity for Software Defined Vehicles

Henning Harbs

Software Security 101: Secure Coding Basics1:58:48

Software Security 101: Secure Coding Basics

Thomas Konrad

You click, you lose: a practical look at VSCode's security29:47

You click, you lose: a practical look at VSCode's security

Thomas Chauchefoin & Paul Gerste

You can’t hack what you can’t see29:34

You can’t hack what you can’t see

Reto Kaeser

Climate vs. Weather: How Do We Sustainably Make Software More Secure?51:41

Climate vs. Weather: How Do We Sustainably Make Software More Secure?

Panel Discussion

Cyber Security: Small, and Large!37:32

Cyber Security: Small, and Large!

Martin Schmiedecker

Building Security Champions48:02

Building Security Champions

Tanya Janca

Securing Your Web Application Pipeline From Intruders44:30

Securing Your Web Application Pipeline From Intruders

Milecia McGregor

Related Articles

View all articles
CH
Chris Heilmann
Dev Digest 138 - Are you secure about this?
Hello there! This is the 2nd "out of the can" edition of 3 as I am on vacation in Greece eating lovely things on the beach. So, fewer news, but lots of great resources. Many around the topic of security. Enjoy! News and ArticlesGoogle Pixel phones t...
Dev Digest 138 - Are you secure about this?
CH
Chris Heilmann
Dev Digest 134 - Where pixels sing?
News and ArticlesWeAreDevelopers LIVE Data and Security Day is on Wednesday, 25/09/2024. Learn about OPC UA Updates, Best Practices for Using GitHub Secrets, Passwordless Web 1.5, Emerging AI Security Risks, Data Privacy in LLMs and get a chance to t...
Dev Digest 134 - Where pixels sing?
CH
Chris Heilmann
Dev Digest 129 - Now that's what I call private data!
News and ArticlesAfter declaring Google a monopoly there are now considerations to force it to break up - isn't that what the whole Alphabet thing was about? In the last act of Crowdstrike coverage here, they released a deep analysis of the outage th...
Dev Digest 129 - Now that's what I call private data!
CH
Chris Heilmann
Dev Digest 110 - XY marks the spotty security
This time we give you a collection of links about the XZ backdoor, solve the last CODE100 puzzle, announce the next round of it, let you play with colours and explain why Lava lamps are great to keep the web secure.News and ArticlesThe big piece of n...
Dev Digest 110 - XY marks the spotty security

From learning to earning

Jobs that call for the skills explored in this talk.