Event Details

Please note: All times listed below are in Central Time Zone

<< Go back
Introduction to Secure Coding Principles
Hands-On Workshops

This workshop is appropriate for any developer who wants to write secure code. No security knowledge is assumed but Python knowledge is needed to run and modify code. For command injection, SQL injection, and temporary file attacks we will do the following:

  1. Run the code with malicious input to see and understand exactly how the vulnerable code is exploited to gain unauthorized access to the system
  2. Discuss safe coding practices to avoid the vulnerabilty
  3. Fix the code and run it again to show how the corrected code can no longer be used to access the system

Additional secure coding principles are discussed including safe library and function usage, file permissions, least privilege, defense in depth, input validation, and how to defend against path and symlink attacks. Pointers to online resources and books which have been vetted by several security professionals and are considered to be among the best available are included so attendees can continue to grow their knowledge.


What can I expect to learn?
  1. See and understand exactly why code can be vulnerable to command injection, SQL injection, and temporary file attacks by performing these attacks on vulnerable code and seeing the results.
  2. Understand the secure coding principles which prevent these classes of attacks to write code which is more difficult for attackers to exploit.
  3. Apply those secure coding principles to correct the vulnerable code, then attack the corrected code to see that it is no longer vulnerable to the attack.
  4. Learn other secure coding principles including safe library and function usage, file permissions, least privilege, defense in depth, input validation, and how to defend against path and symlink attacks.
  5. Discover additional resources which explain additional secure coding principles.
Thursday, November 15, 9:00am-10:30am (8:00am - 9:30am UTC)
Hall 7 - Level 1 - 7.1a / NY1
Difficulty Level: Beginner
Tags: Hands-on Workshop Technical
Bryan Stephenson
Security Architect
Bryan has held many roles and created many products, services, and research prototypes during his 30 year career in Silicon Valley R&D. He is currently the Security Architect for SUSE OpenStack Cloud where he performs a variety of security assurance activities including vulnerability management, architectural threat analysis, code reviews, penetration tests, running code scanning tools, and... FULL PROFILE