(Updated, see below) The slides for our workshop in Security and Secure development are now online on the presentations page. It was a full schedule, with a lot of content compressed into a single day.
We went over threat modeling, risk analysis, dataflow, development practices, validation, code review, code quality and a lot more during the day.
Here is the source code for the Code review exercises. Please be aware that they are broken on purpose.
Resources from the workshop / Presentations
- Schneier, Doctorow, Data as pollution
- Falsehoods programmers believe about names
- Falsehoods programmers believe about time
- Falsehoods programmers believe about addresses
- Falsehoods programmers believe about Geography
- Writing a good git commit
- Doing terrible things to your Code
- From STUPID to SOLID
- OWASP, PHP Security Cheat Sheet
- SQL Injection, Myths and Fallacies
- Microsoft, SQL Injection
- Wikipedia, Threat Model
- OWASP, Threat Modeling
- Microsoft SDL
- Wikipedia, Mojibake
- Atlassian, comparing git workflows