Cybersecurity: It’s All About the Coders | Dan Cornell | TEDxSanAntonio
- Published Aug 5, 2024
- Software developers need to fundamentally rethink the coding process to include an explicit focus on the privacy and security aspects of their code rather than simply regarding it as an afterthought.
A globally recognized application security expert, Dan Cornell has over 15 years of experience architecting, developing, and securing web-based software systems. As the Chief Technology Officer and a Principal at Denim Group, Ltd., he leads the technology team to help Fortune 500 companies and government organizations integrate security throughout the development process. He is also the original creator of ThreadFix, Denim Group’s industry-leading application vulnerability management platform. He holds a Bachelor of Science degree with Honors in Computer Science from Trinity University where he graduated Magna Cum Laude.
This talk was given at a TEDx event using the TED conference format but independently organized by a local community. Learn more at ted.com/tedx
Some of the top cybersecurity experts and coders out there never stepped foot in a university classroom. If you can code, you can get a great job in this industry.
I agree, "degrees" are absolutely overrated... the best are usually self-taught... the ONE GREAT THING in this talk is when he says his "education" was overpriced
Ehh the demand is so high vs the 1980 they want you to have the experience already
I have a bachelor's degree in computer science but I still taught myself everything I've been working on right now.
Nonfunctional requirements are always de-prioritized at deployment time crunch. The impetus to implement security can't originate from development; it has to be prioritized and funded by business.
Totally agree! Thanks for the video 😎👍
I agree, and thanks for this speech, sir.
This video makes good points but it misses the mark. First, security isn't all about the coders. Even if you train coders to program securely, their code won't be secure if given too tight of a deadline. Second, even if the coders followed security best practices, the application implementation, use, and support also need to be performed in a secure way. Screw those up and the most secure software in the world won't prevent security breaches.
Nice talk, but it's very theoretical. Most of the time developers work with tight deadlines; they don't have the time and the energy to go deep into security.
agree, this contradicts their operational value orientation
Great video
Am I the only one who thinks he didn't say anything new?
made me think
Using blockchain will be a much safer and more secure option for monetary 'transactions'. Well, guess what: the banks actually don't really care about their users' data.
I think it is very important to have secure technology. If we don't, then it hinders our safety.
Emily Clapper It can never be secure unless we as an individual do something about it.
Emily Clapper I totally agree!
so smart
Why not use an operating system that supports capabilities? Then your application developers can stick to their jobs and the OS can do its job.
I can't get a straight answer for this, but I'm currently pursuing a network technology and management bachelor's degree. Will this degree help me in this field?
Don't waste your money. I recommend self-education and certifications. Degrees are overrated (gen-ed courses have NOTHING to do with IT)
Yep, go for your first two certs while learning a programming language
@YoungDen Which two certs are you referring to? CISCO? And also, which programming languages do you recommend? Also, where is a good place to get your foot in the door in relation to cybersecurity, while studying towards certs?
That is a lot to ask of a coder... how about you coming out with templates of what not to do for coders if it is so easy?
Seasoned Software Engineers already use negative test cases. This is a well-known testing paradigm that is, in my experience, taught in school and on the job, and has been for quite some time. Hence, as a 'Coder' (see: don't call me that) I didn't find very much value from this talk. In fact, the dude in the talk didn't sound much like a 'Coder' at all, but had he been a 'Coder', he would probably know that negative test cases are a normal thing.
Joey Orlando That's one of my pet peeves too. It's not writing a code, it's engineering/developing software.
software and hardware! ;)
Exactly. Hardware security is even more important
We have a website about this and a youtube channel - check us out if you are interested in learning more about cybersecurity.
As someone with experience in losing privacy and security; both online, and walking out my front door.
They are both an illusion. Like endless and free electricity.
You must spend resources to enjoy computer games. So as, your only option is to the world when you act in it.
Trust creates growth and opportunities; whilst secrecy may seem a safe option; the more data which brace people share means the more ures and the greater health for society.
Distrust only creates opportunities for further deception.
Better to enforce honesty and watch out for one another.
I disagree. The developers should be making the software as per the customer's business requirements. Those requirements are the driving force behind development and testing. If the requirements don't stipulate that each function, each rule, each use case should have "things it must not do" as a security feature, from the moment the requirements are agreed and signed off, the developers are not obliged to write in those features out of the goodness of their heart. And more often than not, they are not permitted to simply add functionality that hasn't been agreed and isn't being paid for. Placing all of the responsibility of cybersecurity on coders is unacceptable. It starts with the customer.
Yes, but when you are discussing a project with clients, you can explain to them some necessary things (what should be done and how much it will cost) to make the software they ordered secure. Clients do not need to be experts in computer science (that's why they hire you), so it's your duty to tell them that you need to do some things to ensure their software is as safe as possible, even if it costs more. No one says to do it for free, but you need to show them why they need it and they will pay for the work you will spend.
want a little more security? don't use anything with "microsoft" or "apple" in the name
Interesting but I have to disagree with his statement about coders not knowing security. Having been 'coding' for the last decade, security concerns and data protection are areas that are focused on very closely and are integral throughout the design process. An interesting talk though
Not all coders are aware of the security risks; in fact, most of them are at fault for creating buggy code, and it's the job of the Cyber experience to clean your mess.
@kaishramlalaram3456 Does cyber security require coding?
@randomcreativeyoutuber7518 Security controls during development are part of the duties of security professionals. It may involve code analysis and testing, pentesting, and when you automate tasks, all require coding skills.
@hsyiuben Thank you
Political
CIA
Well this was a waste of time.
R he says coders should be more aware of cybersecurity breaches to protect people. Why do you say what you say?
Because he is that coder who is too lazy to do at least basic steps to prevent security issues and rather puts data from the request right into the SQL query.
OpenBSD as a programming environment. Stop using shitty software frameworks.
This talk, like all TEDx, is stupid, because the speaker's solution is: let's stop thinking about the finite things my code SHOULD do and start thinking about the nearly INFINITE things my code SHOULD NOT do.
What exactly is wrong with viewing code from this angle? Making code do things it "should not" is precisely how a hacker approaches it.
For instance, my program is meant to run on this socket when it gets this "x" request. That's what it should do. Are you implying the programmer should stop there?
A hacker would think what would happen if it got "y" request on that socket (or "x" request on a different port)?
What if a forged packet was crafted and sent, are there any safeguards in place?
What are the minimum permissions I can set and still have a functional program?
Does my code have good obfuscation against reverse engineering?
These are basic questions that a programmer should ask himself. Only focusing on what code SHOULD do isn't enough, and will make your programs buggy and insecure.