Secure Coding Back to Basics - Erlend Oftedal - NDC Security 2022

Поделиться
HTML-код
  • Опубликовано: 26 авг 2024
  • In this talk we will go back a bit and discuss secure code.
    We will look at the constructs we are using (and not using) and why changing some of the ways we typically write our code, can have security benefits. We will grab some elements from (modern) Domain Driven Design and see how we can use this to avoid or limit vulnerabilities.
    Check out more of our featured speakers and talks at
    ndcconferences...
    ndc-security.com/

Комментарии • 6

  • @Najumulsaqib
    @Najumulsaqib Год назад

    Wonderful talk; you gave a unique perspective on secure coding which I havent heard before. Thanks

  • @Hofer2304
    @Hofer2304 2 года назад +3

    I have problems with duck typing. If you write a simple program, it is not a problem, but otherwise it is no help. I want to define my own domain specific types, and use them in a natural way. The best place for a type error detection is the editor.
    I have problems if nothing is really private.
    I want to declare my variables and constants, because I need as much help from the computer as possible.

  • @capability-snob
    @capability-snob 10 месяцев назад

    Wow I missed that trusted types (for innerHTML) thing the first time through. The policies are not a great API - it's spooky action at a distance - but it still seems worth switching that on.

  • @jbird4478
    @jbird4478 2 года назад +6

    "Data does not stay data. This is a bug." Exactly. So why are we still using the same crappy SQL language as we did 50 years ago? Why not use some binary protocol where data is never evaluated as commands?

    • @jbird4478
      @jbird4478 2 года назад +1

      @@panosdotnet How it's stored is not related to the query language. The problem of SQL injection is that the app sends a command in the form of text to the database server. There is no distinction between the data and the command there, so data can accidentally be interpreted as a command. If you'd use a binary protocol for communicating with the server you could encode this distinction easily. Rather than letting the server pick one string of text apart, you'd just say "here's X bytes of data" and the server would know never to interpret those bytes as potential commands.

  • @tactileslut
    @tactileslut 2 года назад

    No fault of the speaker but the video production was not laid out for legibility on the small screen.

Следующие
Автовоспроизведение
Back to Basics: Efficient Async and Await - Filip Ekberg - NDC Porto 20221:02:00Back to Basics: Efficient Async and Await - Filip Ekberg - NDC Porto 2022
Back to Basics: Efficient Async and Await - Filip Ekberg - NDC Porto 2022NDC Conferences
Просмотров 12 тыс.
Repeatable Execution - Mark Seemann - NDC Copenhagen 20221:00:07Repeatable Execution - Mark Seemann - NDC Copenhagen 2022
Repeatable Execution - Mark Seemann - NDC Copenhagen 2022NDC Conferences
Просмотров 8 тыс.
CppCon 2018: “Secure Coding Best Practices: Your First Line Is The Last Line Of Defense (1 of 2)”59:56CppCon 2018: “Secure Coding Best Practices: Your First Line Is The Last Line Of Defense (1 of 2)”
CppCon 2018: “Secure Coding Best Practices: Your First Line Is The Last Line Of Defense (1 of 2)”CppCon
Просмотров 18 тыс.
I Climbed To The Forgotten Mine That Changed Cars Forever28:38I Climbed To The Forgotten Mine That Changed Cars Forever
I Climbed To The Forgotten Mine That Changed Cars ForeverGhost Town Living
Просмотров 300 тыс.
This Is Goodbye. (RIP 7/27/79 - 8/25/24)03:32This Is Goodbye. (RIP 7/27/79 - 8/25/24)
This Is Goodbye. (RIP 7/27/79 - 8/25/24)Rob Pitts
Просмотров 1,8 млн
Star Wars Outlaws Made Me Angry... | Review22:54Star Wars Outlaws Made Me Angry... | Review
Star Wars Outlaws Made Me Angry... | ReviewMrMattyPlays
Просмотров 212 тыс.
Blind Dating 7 Reality TV Stars50:44Blind Dating 7 Reality TV Stars
Blind Dating 7 Reality TV StarsDavid Alvareeezy
Просмотров 1 млн
Writing Secure Node Code: Understanding and Avoiding the Most Common Node.js Security Mistakes22:30Writing Secure Node Code: Understanding and Avoiding the Most Common Node.js Security Mistakes
Writing Secure Node Code: Understanding and Avoiding the Most Common Node.js Security Mistakesnode.js
Просмотров 121 тыс.
Turns out REST APIs weren't the answer (and that's OK!)10:38Turns out REST APIs weren't the answer (and that's OK!)
Turns out REST APIs weren't the answer (and that's OK!)Dylan Beattie
Просмотров 149 тыс.
Application security from start to finish - Michael Kaufmann - NDC Porto 202245:56Application security from start to finish - Michael Kaufmann - NDC Porto 2022
Application security from start to finish - Michael Kaufmann - NDC Porto 2022NDC Conferences
Просмотров 9 тыс.
Back to Basics: Efficient Async and Await - Filip Ekberg - NDC London 20221:01:59Back to Basics: Efficient Async and Await - Filip Ekberg - NDC London 2022
Back to Basics: Efficient Async and Await - Filip Ekberg - NDC London 2022NDC Conferences
Просмотров 23 тыс.
C++Now 2018: Matthew Butler “Secure Coding Best Practices”1:27:25C++Now 2018: Matthew Butler “Secure Coding Best Practices”
C++Now 2018: Matthew Butler “Secure Coding Best Practices”CppNow
Просмотров 4,7 тыс.
Getting API security right - Philippe De Ryck - NDC London 202351:49Getting API security right - Philippe De Ryck - NDC London 2023
Getting API security right - Philippe De Ryck - NDC London 2023NDC Conferences
Просмотров 26 тыс.
Where’s C# headed? - Mads Torgersen - NDC Copenhagen 20221:01:28Where’s C# headed? - Mads Torgersen - NDC Copenhagen 2022
Where’s C# headed? - Mads Torgersen - NDC Copenhagen 2022NDC Conferences
Просмотров 29 тыс.
Developing for Linux on Windows - Scott Hanselman - NDC Porto 20221:08:42Developing for Linux on Windows - Scott Hanselman - NDC Porto 2022
Developing for Linux on Windows - Scott Hanselman - NDC Porto 2022NDC Conferences
Просмотров 42 тыс.
Domain-Driven Refactoring - Jimmy Bogard - NDC London 20221:00:03Domain-Driven Refactoring - Jimmy Bogard - NDC London 2022
Domain-Driven Refactoring - Jimmy Bogard - NDC London 2022NDC Conferences
Просмотров 45 тыс.
ВИРУСНЫЕ ВИДЕО / Кот ест арбуз 😅00:25ВИРУСНЫЕ ВИДЕО / Кот ест арбуз 😅
ВИРУСНЫЕ ВИДЕО / Кот ест арбуз 😅Светлый Voice
Просмотров 227 тыс.
Построила Секретную Комнату, Чтобы Следить за Своим Парнем !25:07Построила Секретную Комнату, Чтобы Следить за Своим Парнем !
Построила Секретную Комнату, Чтобы Следить за Своим Парнем !Морковь PRO
Просмотров 702 тыс.
Самые красивые проводные наушники! ❗#распаковка #наушники #вкладыши #техника #технологии01:00Самые красивые проводные наушники! ❗#распаковка #наушники #вкладыши #техника #технологии
Самые красивые проводные наушники! ❗#распаковка #наушники #вкладыши #техника #технологииПавел Хмурчик
Просмотров 188 тыс.
ТРИ НОЧИ В ДИКОЙ ТАЙГЕ. МЕДВЕДЬ РАЗОРИЛ СХРОН. ЗАБЛУДИЛСЯ. РЫБАЛКА.37:54ТРИ НОЧИ В ДИКОЙ ТАЙГЕ. МЕДВЕДЬ РАЗОРИЛ СХРОН. ЗАБЛУДИЛСЯ. РЫБАЛКА.
ТРИ НОЧИ В ДИКОЙ ТАЙГЕ. МЕДВЕДЬ РАЗОРИЛ СХРОН. ЗАБЛУДИЛСЯ. РЫБАЛКА.-ТАЁЖНЫЙ-
Просмотров 331 тыс.
Х.евая доставка 😂00:23Х.евая доставка 😂
Х.евая доставка 😂КАРЕНА МАКАРЕНА
Просмотров 1,3 млн
ТЫ БЫ НИКОГДА ТАКОЕ НЕ ЗАГУГЛИЛ #1832:38ТЫ БЫ НИКОГДА ТАКОЕ НЕ ЗАГУГЛИЛ #18
ТЫ БЫ НИКОГДА ТАКОЕ НЕ ЗАГУГЛИЛ #18Utopia Show
Просмотров 1,4 млн
ЛОВИМ НОВЫХ МОНСТРОВ В LETHAL COMPANY2:42:22ЛОВИМ НОВЫХ МОНСТРОВ В LETHAL COMPANY
ЛОВИМ НОВЫХ МОНСТРОВ В LETHAL COMPANYAnastasiz
Просмотров 210 тыс.
Арестович: Курск: время принятия новых решений. Сбор для военных👇1:49:30Арестович: Курск: время принятия новых решений. Сбор для военных👇
Арестович: Курск: время принятия новых решений. Сбор для военных👇Alexey Arestovych
Просмотров 424 тыс.