Software development and information security are tightly tied together. A bug attracts vulnerabilities, and bugs and vulnerabilities combined can be turned into exploits to compromise systems. In an ideal world, security starts at the design or development stage. While you will probably never be able to completely eliminate bugs in (your) code due to the complexity of modern applications and their dependencies, you can still improve the security record by paying attention. So where do you get started? What are the most common mistakes made during the software development process that lead to security problems in the finished product? Peter af Geijerstam will address the top 10 security mistakes in his talk at DeepSec 2013.
Mistakes during software development do not always have to be caught at the quality assurance stage. You can catch a lot of them earlier, provided your developers know what security means and how their methods can impact the severity of bugs. Developers can no longer claim “that’s not my job” when it comes to code security. They need some knowledge of what to look out for and what to avoid.
This talk is recommended for everyone involved in software development. It’s not only programmers who need to know about the pitfalls. If you lead a development project, can influence the design of the software, or do quality assurance, then you should attend, too.