In this talk, the speakers will give an introduction to application security. We currently do security at Centralway and constantly have to do application security testing and teach our developers how to write secure code. We believe this is the right path to solving many of the problems found in web applications nowadays, instead of trying to solve them at a higher layer. "Give a man a fish and you feed him for a day. Teach a man to fish and you feed him for a lifetime" is the motto we apply to our development training here at Centralway.
We will run through the most common vulnerabilities found in web applications (OWASP Top 10) and explain how they can be fixed and what the correct countermeasures are.
In the second part of this talk we will present SourceRadar, an automated source code analysis framework that we developed at Centralway, which is language agnostic and combines security rules with gamification (as a way to reward and create a level competition amongst our developers). This tool will be presented for the first time at Codebits and will be open source as well. Using it, you can easily get information on which vulnerabilities exist in your code, how critical they can be and how they can be fixed, instead of waiting for your application to be hacked.