Hacking Secure Coding into Highschool Education

Thu, 27 Jun 2024 @ 16:20:00

Short Abstract:

In this talk, we’ll introduce the “Secure From Scratch” approach to secure coding. We’ll discuss PREVENT - an acronym and methodology that encompasses secure coding principles for developers who may not have heard of or learned enough from OWASP’s top 10. We’ll also share our experience in reaching high school students and providing them with a secure coding workshop. In the workshop, they learned the importance of secure coding by putting PREVENT into practice in a lab. They found it interesting and exciting. We’ll outline how we structure our workshops so that anyone can replicate them and provide real benefits to developers, without overwhelming them with buzzwords, vulnerabilities, or exploits that they neither want nor have time to deal with.

Talk Format: (~40 minutes)

Audience Level: All

Presentation Outline

  1. Intro: Why coding education must change.

  2. How did we reach high schools?

  3. How do we build workshops that developers like

     3.1. A quick poll: What do you think? Do developers need to know about the OWASP top 10, or is teaching them secure coding enough?

     3.2. The feedback we received from developers.

     3.3. The PREVENT acronym and methodology.

     3.4. Looking for a scenario.

     3.5. Building a skeleton.

     3.6. Building solutions.

     3.7. Creating a building block – software infrastructure.

  4. Call for Action:

     4.1. After the information we introduced, every one of you can join us and contribute to a secure-from-scratch coding lab. To help you do this, we are going to introduce a GitHub repository dedicated to secure coding workshops.

     4.2. What can you contribute? Sharing ideas for lab scenarios. Developing a lab. Code reviewing a lab and the solutions proposed. Experiencing labs and sharing your feedback. Recording a video of a lab walkthrough.

  5. Summary:

     5.1. While the industry strives to create different tools to secure applications, there is something we can do as a community to ensure developers create as few coding errors that lead to vulnerabilities as possible. Let’s change programming education.

     5.2. Please join the Secure from Scratch Discord channel.

     5.3. Write to us and tell us how you want to participate.

  6. Q & A