Your Code Security Blanket

by Colin Lee | at Minnebar 15

Everything in software is broken.

Breaches happen every day. We get so many offers of free credit monitoring from companies that lost every bit of our data to the dark web that it makes no sense to buy any.

In the past few months, every certificate check on Windows was broken. Every VPN on non-Windows was broken. Every app and service seems to be breaking all of the time. Now, the most powerful bank trojan horses have been open-sourced for any criminal to use and improve.

I’ll give a crash course in the best ways to not crash your apps with remote code execution.

Security is not magic. Hackers don’t break your code like it appears in the movies. You can be a respected expert who other engineers come to for security advice. But it all starts with simple steps that any developer can perform.

Some modern languages offer more safety than the gold standards like C/C++ or even Java. If you’re not aware of the ways in which programs break, you may not know which patterns to use and which to avoid. Not knowing what to look for, you could be allowing critical, zero-day security flaws to pass through your code reviews without even a warning.

We will examine well-known security exploits, how code broke, and how coding with style can help you avoid these problems.

Intermediate

Colin Lee

Colin is an experienced software engineer specializing in Android development. He worked for Mozilla on the Firefox for Android rewrite. He has worked for many successful companies in the past fifteen years, including Amazon, Flipgrid (acquired by Microsoft), Cray, Pearson VUE, and When I Work. He runs the Twin Cities Kotlin User Group in his spare time. He now works full-time for Meetup and enjoys traveling the world during their generous paid time off.

He has been programming since he learned BASIC on the TRS-80 computer in his parents' basement at age six. He has been writing Android apps since soon after the first Android phone launched and has done so professionally since the last space shuttle landed. In that time, he's probably been pitched every silly app idea and been offered a percent stake in the zero dollars most actually earned.