LISBON 10-12
APRIL 2014


Secure coding, gamification and automation for the win

Status

This talk has been approved for this year's edition. Check the calendar for more information.

Language

English

Abstract

In this talk, the speakers will give an introduction to application security. We currently do security at Centralway and constantly have to do application security testing and teach our developers how to write secure code. We believe this is the right path to solving many of the problems found nowadays in web applications, instead of trying to do it at a higher layer. "Give a man a fish and you feed him for a day. Teach a man to fish and you feed him for a lifetime" is the motto we apply to our development training here at Centralway.
We will run through the most common vulnerabilities found in web applications (OWASP Top 10) and explain how they can be fixed and which countermeasures should be used.

In the second part of this talk we will present SourceRadar, an automated source code analysis framework that we developed at Centralway, which is language agnostic and combines security rules with gamification (as a way to reward and create a level competition amongst our developers). This tool will be presented for the first time at Codebits and will be open source as well. Using it you can easily get information on which vulnerabilities exist in your code, how critical they can be and how they can be fixed, instead of waiting for your application to be hacked.

Proposal date

2013-10-25 15:07:11


Comments

João da Silva Fernandes
on , said:

Hoping it lives up to last year's infosec talk.

$geekfactor 0xa

Bruno Crociquia
on , said:

Relevant talk.

$geekfactor 0x0

Miguel Loureiro
on , said:

very interesting

$geekfactor 0x0

Martin Naumann
on , said:

Neat - making AppSec actually FUN for developers!

$geekfactor 0x3

José Lopes (Sá)
on , said:

Nice! Really looking forward to it! :)

$geekfactor 0x0

André Dias
on , said:

A must see =)

$geekfactor 0x0

Paulo Pires
on , said:

Really interested in this one.

$geekfactor 0x0

Gilberto Gonçalves
on , said:

Last year your talk was awesome, I want more!

$geekfactor 0x0

Tiago Henriques
on , said:

Hey Codebits staff, if you have the space we would be happy to do an appsec workshop after our talk for some attendees!

$geekfactor 0x4

David Dias
on , said:

If it comes from Centralway folks, it has my 100% approval!

$geekfactor 0x2

P.F.
on , said:

+ Tiago Henriques, That would be awesome!

$geekfactor 0x1

Astrid Creuzburg
on , said:

Epic score!

$geekfactor 0x2

Igor Antunes
on , said:

Nice! For me it is a must-attend.

$geekfactor 0x0

David Magalhães
on , said:

Nice. I'm keen to see all about it.

$geekfactor 0x0

António Pedro Oliveira Cunha Santos
on , said:

Interesting talk! :)

$geekfactor 0x0

José Pedro Marques
on , said:

Will definitely see

$geekfactor 0x0

Hélder Alexandre dos Santos Moreira
on , said:

Count me in!

$geekfactor 0x0

Igor Antunes
on , said:

Can't wait for this presentation xD

$geekfactor 0x0

Iurie Solomon
on , said:

"This tool will be presented for the first time at Codebits and will be open source as well."---> very good

$geekfactor 0x0

João Afonso
on , said:

Interesting...

$geekfactor 0x0

Rui Grandão Rocha
on , said:

Really interesting

$geekfactor 0x0

Rui Gomes
on , said:

Really interested in attending this talk

$geekfactor 0x0

Renato Miguel Rodrigues
on , said:

+ João da Silva Fernandes, hoping the same!

$geekfactor 0x0

Bruno Tiago Rodrigues
on , said:

Voting up - clearly a topic deserving main stage development.

$geekfactor 0x0

João Barata Oliveira
on , said:

Looking forward to seeing this talk.

$geekfactor 0x0

Pedro Brito
on , said:

Very important topic these days! Hope it gets to the main stage

$geekfactor 0x0

David Silva
on , said:

I'm looking forward to seeing this talk!

$geekfactor 0x0

Fernando Araújo
on , said:

Looks good! Count me in!

$geekfactor 0x0

Serafim Pinto
on , said:

+1
great talk, seems very interesting!

$geekfactor 0x0

José Miguel Malaca
on , said:

like it :D good luck

$geekfactor 0x0

Paulo J Morgado
on , said:

"automation" is the way to go....

$geekfactor 0x0

Gonçalo Sá
on , said:

Infosec talks FTW! :D

$geekfactor 0x0

Let's see

$geekfactor 0x0

Pedro Costa
on , said:

Computer says no...

$geekfactor 0x0

Ricardo Carneiro
on , said:

sounds very interesting... +1

$geekfactor 0x0

Alberto Manuel da Silva Gomes
on , said:

Good talk...

$geekfactor 0x0

Nelson Brandão
on , said:

I'm looking forward to it

$geekfactor 0x0

Nuno Costa
on , said:

Bazinga!!! going just for the Sweaters :) tbbt

$geekfactor 0x0

Diogo Simões
on , said:

Excellent topic. I want to go!!!

$geekfactor 0x0

Jorge Encarnação
on , said:

Very relevant, looking forward to seeing if I should/could implement this for my team.

$geekfactor 0x0

Hugo Santos
on , said:

Looks interesting

$geekfactor 0x0

Miao Sun
on , said:

Interesting, upvoted!

$geekfactor 0x0

Andre Duarte
on , said:

A must go. Writing secure code is one of the most insecure tasks ever, since you tend to think you're safe until you get attacked... and if you're a web developer, don't even get me started! :) See you there!

$geekfactor 0x0

Jorge Miguel Ferreira Alves
on , said:

Looking forward to attending this talk!

$geekfactor 0x0

Hugo Antunes
on , said:

Nice! ::D

$geekfactor 0x0
