If we could vote the most underrated area of software development, security might be an easy winner. In the past, it was considered as a side project where you would eventually manage a user and access rights feature in your application. Things started changing with the web and the concept of “cross site scripting” or “SQL injections” should be understood by every developer.
In a context where devices running software are often open for everybody through the web or more local network protocols like wifi, bluetooth, etc, the possibility to attack the devices and the software are more important than ever. Hardening the security of your software should be integrated in your good coding practices. Here are some videos discussing software security that can help you improving your knowledge on this important topic.
* Top 10 Security Mistakes In Software
Why are we still creating software with so many security-related problems? What are the most common mistakes made during the software development process that leads to security problems in the finished product? This talk presents the top 10 issues leading to insecure software systems. This talk is NOT about the technical aspects of buffer overflows, shell code or use-after-free vulnerabilities. It is about language- and OS-independent security-aspects such as design decisions, concepts, mistakes and bad luck.
* Principles of Security
Douglas Crockford outlines the basic principles of designing secure software, with a focus on web applications. With his usual sardonic wit, he starts at the beginning (almost literally — with the invention of language itself) and makes a strong case for designing secure software based on fundamental principles rather than specific techniques, tricks, or hacks.
* A Deep Dive Into Mobile Malware
Emil Ong provides firsthand information on mobile malware and ways to protect yourself from malware threats. This presentation gives an in-depth analysis on ways to keep your phone safe. The talk cites examples of common malware threats (some of which include drive-by download, fake players, trojan apps) and includes a look at the code of certain harmful software.
* OWASP Appsec Tutorial Series – Episode 3: Cross Site Scripting (XSS)
This video illustrates three version of an XSS attack: high level, detailed with the script tag, and detailed with no script tag, and then recommends resources for further learning.
* SQL Injection Explained
This tutorial explains in simple terms what the SQL Injection vulnerability is, and how real threats result from this typical exploitation. It features a sample exploitation scenario illustrating clear steps of what an attacker may do with a website which is vulnerable to error based SQL Injection.
*Advanced SQL Injection
SQL Injection is a vulnerability that is often missed by web application security scanners, and it’s a vulnerability that is often rated as NOT exploitable by security testers when it actually can be exploited. Advanced SQL Injection is a presentation geared toward showing security professionals advanced exploitation techniques for situations when you must prove to the customer the extent of compromise that is possible
* Front-to-Back Security for Mobile, HTML5 and Java EE
Enterprise security has never been more important or complex than it is today. Mobile devices, new client technologies, and cloud-based services are just some of the recent additions. Handling JAX-RS endpoints, spotty connectivity, local storage support, constrained devices and other land mines can be more than just a challenge. These also seem to be among the first areas glossed over by most projects. Why? Because dealing with them is hard! In this session, developers will get an understanding of these issues through examples and real-world use cases. It includes specific guidance for handling them and discusses how to work around current technical challenges and handle some special cases exclusive to mobile applications.
* Securing Ruby on Rails
Building safe web applications isn’t always easy. The good news is that Rails provides a lot of features that will help you along the way. Learn the common mistakes made by web developers, and how to account for them while working with Rails. This video also presents some tools you can use to make securing your applications much easier.
Find more software security videos on SoftDevTube.com.
Pingback: MindEdge Monthly: Top Project Management Blogs Project Management At Work